Re: Bind 8.2 Integration

[Andreas Jaeger <aj at suse dot de>]

>>>>> Mark Kettenis writes:

 >    From: Andreas Jaeger <aj@suse.de>
 >    Date: 26 Nov 1999 13:48:12 +0100

 >    Hi Zack, Mark and all others,

 >    About half a year ago Zack and Mark looked at the integration of the
 >    resolv code from bind 8.2 into glibc.  Since then nothing happened.
 >    Was it just a lack of time or interest or did you encounter any
 >    serious problems?

 > At the time there appeared to be some serious problems, since there is
 > some support for strong cryptography in the BIND 8.2 distrubution.  It
 > turns out that not all of the cryptography code is needed in the
 > resolver library.  The idea is that if you want to use secure DNS the
 > cryptography isn't done in the resolver stub itself, but by a trusted
 > named.  So it seems that we do not need to provide any strong
 > cryptography in glibc.

 > However, the new res_sendsigned/res_nsendsigned interfaces, do use the
 > HMAC_MD5 algorithm which is integrated in the same framework as the
 > strong cryptography code.  It is easy to compile the cryptography
 > code (which lives in `src/lib/dst' in the BIND distribution) such that
 > it only supports the HMAC_MD5 algorithm but there may be some
 > problems:

I've avoided the res_sendsigned/res_nsendsigned interfaces completly
(and also the resfindzonecut interface).  This means that the
resulting libresolv can not be used by named, nslookup or dig.  But it
can be used instead of the old libresolv and we can export it.

The big advantage of this version of libresolv are it's
multi-threading features.  We don't have anymore a big lock which
allows only one thread in res_send.

Does any distribution link currently named, dig and nslookup from
bind8 or bind4 against libresolv from glibc?  I don't think so and
therefore we shouldn't have problem with a slightly reduced libresolv.

Andreas
-- 
 Andreas Jaeger
  SuSE Labs aj@suse.de
   private aj@arthur.rhein-neckar.de