On Thursday, May 16, 2019 at 12:11:10 AM UTC-4, Grant Taylor wrote:
On 5/15/19 8:38 PM, noloader@gmail.com wrote:
I noticed OpenSSH offers integration with NetLab's ldns (https://github.com/NLnetLabs/ldns). As I understand things, ldns
provides DNSSEC functionality. It looks like a very useful library.
What does ldns provide that other DNS resolver libraries don't provide?
Hi Grant. I can't answer, sorry. Maybe the OpenSSH dev's can provide an answer. I'm hazarding a guess the devs had a compelling reason to add support for it.
Here is what I am seeing when I run configure:
goldmont:openssh-8.0p1$ ./configure --help
`configure' configures OpenSSH Portable to adapt to many kinds of systems.
...
Optional Packages:
--with-PACKAGE[=ARG] use PACKAGE [ARG=yes]
--without-PACKAGE do not use PACKAGE (same as --with-PACKAGE=no)
--without-openssl Disable use of OpenSSL; use only limited internal crypto **EXPERIMENTAL**
--without-stackprotect Don't use compiler's stack protection
--without-hardening Don't use toolchain hardening flags
--without-rpath Disable auto-added -R linker paths
--with-cflags Specify additional flags to pass to compiler
--with-cflags-after Specify additional flags to pass to compiler after configure
--with-cppflags Specify additional flags to pass to preprocessor
--with-ldflags Specify additional flags to pass to linker
--with-ldflags-after Specify additional flags to pass to linker after configure
--with-libs Specify additional libraries to link with
--with-Werror Build main code with -Werror
--with-solaris-contracts Enable Solaris process contracts (experimental)
--with-solaris-projects Enable Solaris projects (experimental)
--with-solaris-privs Enable Solaris/Illumos privileges (experimental)
--with-osfsia Enable Digital Unix SIA
--with-zlib=PATH Use zlib in PATH
--without-zlib-version-check Disable zlib version check
--with-ldns[=PATH] Use ldns for DNSSEC support (optionally in PATH)
--with-libedit[=PATH] Enable libedit support for sftp
--with-audit=module Enable audit support (modules=debug,bsm,linux)
--with-pie Build Position Independent Executables if possible
--with-ssl-dir=PATH Specify path to OpenSSL installation
--without-openssl-header-check Disable OpenSSL version consistency check
--with-ssl-engine Enable OpenSSL (hardware) ENGINE support
--with-prngd-port=PORT read entropy from PRNGD/EGD TCP localhost:PORT
--with-prngd-socket=FILE read entropy from PRNGD/EGD socket FILE (default=/var/run/egd-pool)
--with-pam Enable PAM support
--with-pam-service=name Specify PAM service name
--with-privsep-user=user Specify non-privileged user for privilege separation
--with-sandbox=style Specify privilege separation sandbox (no, capsicum, darwin, rlimit, seccomp_filter, systrace, pledge)
--with-selinux Enable SELinux support
--with-kerberos5=PATH Enable Kerberos 5 support
--with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty)
--with-xauth=PATH Specify path to xauth program
--with-maildir=/path/to/mail Specify your system mail directory
--with-mantype=man|cat|doc Set man page type
--with-md5-passwords Enable use of MD5 passwords
--without-shadow Disable shadow password support
--with-ipaddr-display Use ip address instead of hostname in $DISPLAY
--with-default-path= Specify default $PATH environment for server
--with-superuser-path= Specify different path for super-user
--with-4in6 Check for and convert IPv4 in IPv6 mapped addresses
--with-bsd-auth Enable BSD auth support
--with-pid-dir=PATH Specify location of sshd.pid file
--with-lastlog=FILE|DIR specify lastlog location common locations
--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)