[dns-operations] Outdated RIPE NCC Trust Anchors in Fedora Linux Repositories

[Randy Bush]

> We have discovered that recent versions of the Fedora Linux distribution
> are shipping with a package called "dnssec-conf", which contains the
> RIPE NCC's DNSSEC trust anchors. This package is installed by default as
> a dependency of BIND, and it configures BIND to do DNSSEC validation.
> 
> Unfortunately, the current version of this package (1.21) is outdated
> and contains old trust anchors.

what a great lesson

randy