diff options
Diffstat (limited to 'dns/bind916/pkg-help')
-rw-r--r-- | dns/bind916/pkg-help | 30 |
1 files changed, 0 insertions, 30 deletions
diff --git a/dns/bind916/pkg-help b/dns/bind916/pkg-help deleted file mode 100644 index aa85330b21d7..000000000000 --- a/dns/bind916/pkg-help +++ /dev/null @@ -1,30 +0,0 @@ - NATIVE_PKCS11 -When using the NATIVE_PKCS11 option, BIND will use the PKCS#11 -engine specified by the named_pkcss11_engine variable in -/etc/rc.conf for *all* crypto operations. - -This is primarily intended to be used in an authoritative -case. - -If BIND is also operating as a validating resolver, -NATIVE_PKCS11 should not be used, because the HSM will be -used for all crypto, including DNSSEC validations, and the -HSM is likely to be slower than the CPU for this purpose. -Additionally, the HSM might not support all of the PKCS#11 -API functions needed for signature verification. - - - GOST -If using a chrooted instance of BIND on FreeBSD 8.x and 9.x, -the OpenSSL engines MUST be accessible from within the chroot. -If BIND is chrooted in /var/named, this can be achieved by -either copying content of /usr/local/lib/engines into -/var/named/usr/local/lib/engines, or by creating that directory -and adding this line to /etc/fstab: -/usr/local/lib/engines /var/named/usr/local/lib/engines nullfs ro 0 0 - - - START_LATE -Most of the time, BIND needs to start early in the boot -process. Enable this if BIND starts too early for you and -you need it to start later. |