[nsd-users] NSD and OpenSSL

Michael A. Peters mpeters at domblogger.net
Mon Aug 10 05:24:11 UTC 2015


I'm currently busy rebuilding many of my server applications to use 
LibreSSL instead of OpenSSL.

I noticed that NSD links against OpenSSL and I am curious as to if that 
is really necessary.

I am guessing some cryptographic functions are used when it pushed zone 
changes to slaves, but does it actually use a TLS connection?

I know earlier this year, many bitcoin clients that dynamically link 
against OpenSSL broke when OpenSSL pushed an update.

The fault was not OpenSSL, it was bitcoin clients to blame. Some 
developers pointed out that because bitcoin doesn't actually use TLS it 
really should have just had the cryptographic functions it needs in its 
own source. That would have prevented a bug fix to OpenSSL breaking the 

I am wondering if that is the case with NSD.


More information about the nsd-users mailing list