tsig test failing with native-pkcs11
The tsig system test fails when BIND is built with
--enable-native-pkcs11 using SoftHSMv2.
I:tsig:check that multiple dnssec-keygen calls don't emit dns_dnssec_findmatchingkeys warning I:tsig:failed
This may be a problem with generating DH keys. The
dnssec-keygen output looks like this:
dnssec-keygen: warning: pkcs11dh_link.c:458: pkcs_C_GenerateKey: Error = 0x00000005 dnssec-keygen: fatal: failed to generate key example.net/DH: crypto failure