On Fri, 17 Apr 2020, John D. Baker wrote: > A netbsd-9/sparc host produces identical output to your example. When > next I am able, I will boot the primary name server with netbsd-9 and > run the test again.
Before doing that, I had occasion to build 8.99.34 (just before sparc switched to GCC7--for testing something else) and updated a clone of the netbsd-8 NFS root for the primary name server. After the requisite 'etcupdate' and 'postinstall', running: $ dig +multi -t DNSKEY . > /tmp/tmp-root-keys $ dnssec-dsfromkey -f /tmp/tmp-root-keys . produces the same output as your example and netbsd-9/{sparc,amd64}: . IN DS 20326 8 1 AE1EA5B974D4C858B740BD03E3CED7EBFCBD1724 . IN DS 20326 8 2 E06D44B80B8F1D39A95C0B0D7C65D08458E880409BBC683457104237C7F8EC8D The "bind.keys" file is the same as on up-to-date netbsd-{7,8,9,current} aside from RCS IDs. As such, DNSSEC works properly on NetBSD/sparc-8.99.34. -- |/"\ John D. Baker, KN5UKS NetBSD Darwin/MacOS X |\ / jdbaker[snail]consolidated[flyspeck]net OpenBSD FreeBSD | X No HTML/proprietary data in email. BSD just sits there and works! |/ \ GPGkeyID: D703 4A7E 479F 63F8 D3F4 BD99 9572 8F23 E4AD 1645