This group is not bound bind specifiaclly but let me try ti answer anyway. I am Ganesh and I work for wipro. We are currently working on porting DNS BIND 4.8 to DNS BIND 9.2.3. My platform is HP-Nonstop servers. I have a specific query regarding the role of resolver library in DNSSEC. Query: Does DNS BIND 9.2.3 support caching and verification of RRs (resourse records) on the resolver library part by default? We are trying to port 4.8 resolver code to 9.2.3 resolver code. Since Our platfrom doesn't support OPenssl, we are trying to lookout for this option. we wanted to know, whether by default any authentication is enabled at the resolver part in BIND 9.2.3. If I understand it peoperly, you platform doesn't has OpenSSL and therefore bind 9 wo'n compile and therefore you want to port the bind 4.8 resolver into bind 9. The internal structureof bind9 is completely different then bind 8, to merge parts of both, will be hopeless affaire. Earlier versions of bind9 is didn't support DBSSEC by default so could be compiled without openssl support. You might want to ask the bind developpers whether it is still possible to comile with the --enable-dnssec=NO flag set (or whatever the flag to configure is). A quick search for OpenSSL on the HP NON STOP dhos two announcement (July Update.pdf, September.pdf) about the availabilaty of OpenSSL in some form. jaap