NATIVE_PKCS11 When using the NATIVE_PKCS11 option, BIND will use the PKCS#11 engine specified by the named_pkcss11_engine variable in /etc/rc.conf for *all* crypto operations. This is primarily intended to be used in an authoritative case. If BIND is also operating as a validating resolver, NATIVE_PKCS11 should not be used, because the HSM will be used for all crypto, including DNSSEC validations, and the HSM is likely to be slower than the CPU for this purpose. Additionally, the HSM might not support all of the PKCS#11 API functions needed for signature verification. GOST If using a chrooted instance of BIND on FreeBSD 8.x and 9.x, the OpenSSL engines MUST be accessible from within the chroot. If BIND is chrooted in /var/named, this can be achieved by either copying content of /usr/local/lib/engines into /var/named/usr/local/lib/engines, or by creating that directory and adding this line to /etc/fstab: /usr/local/lib/engines /var/named/usr/local/lib/engines nullfs ro 0 0 START_LATE Most of the time, BIND needs to start early in the boot process. Enable this if BIND starts too early for you and you need it to start later. TUNING_LARGE https://kb.isc.org/article/AA-01314/0 Tunes certain compiled-in constants and default settings to values better suited to large servers with 12/16GB+ of memory. This can improve performance on such servers, but will consume more memory and may degrade performance on smaller systems. ependabot/npm_and_yarn/devel/electron4/files/bl-1.2.3 FreeBSD GNOME current development ports (https://github.com/freebsd/freebsd-ports-gnome)
aboutsummaryrefslogtreecommitdiffstats
path: root/security/fsh
Commit message (Expand)AuthorAgeFilesLines
* Cleanup plistantoine2014-11-131-1/+0
* - Convert ports of science/ and security to new USES=pythonmva2014-10-251-1/+1
* - Add staging supportpawel2014-07-082-4/+3
* Resetting maintainership on ports that have not been staged and without anybapt2014-07-041-1/+1
* Add NO_STAGE all over the place in preparation for the staging support (cat: ...bapt2013-09-211-4/+2
* -remove MD5ohauer2011-07-03