On Fri, 17 Apr 2020, John D. Baker wrote:
> A netbsd-9/sparc host produces identical output to your example. When
> next I am able, I will boot the primary name server with netbsd-9 and
> run the test again.
Before doing that, I had occasion to build 8.99.34 (just before sparc
switched to GCC7--for testing something else) and updated a clone of
the netbsd-8 NFS root for the primary name server.
After the requisite 'etcupdate' and 'postinstall', running:
$ dig +multi -t DNSKEY . > /tmp/tmp-root-keys
$ dnssec-dsfromkey -f /tmp/tmp-root-keys .
produces the same output as your example and netbsd-9/{sparc,amd64}:
. IN DS 20326 8 1 AE1EA5B974D4C858B740BD03E3CED7EBFCBD1724
. IN DS 20326 8 2
E06D44B80B8F1D39A95C0B0D7C65D08458E880409BBC683457104237C7F8EC8D
The "bind.keys" file is the same as on up-to-date netbsd-{7,8,9,current}
aside from RCS IDs.
As such, DNSSEC works properly on NetBSD/sparc-8.99.34.
--
|/"\ John D. Baker, KN5UKS NetBSD Darwin/MacOS X
|\ / jdbaker[snail]consolidated[flyspeck]net OpenBSD FreeBSD
| X No HTML/proprietary data in email. BSD just sits there and works!
|/ \ GPGkeyID: D703 4A7E 479F 63F8 D3F4 BD99 9572 8F23 E4AD 1645
