[dns-operations] Outdated RIPE NCC Trust Anchors in Fedora Linux Repositories

Randy Bush randy at psg.com
Fri Feb 5 17:46:22 UTC 2010

> We have discovered that recent versions of the Fedora Linux distribution
> are shipping with a package called "dnssec-conf", which contains the
> RIPE NCC's DNSSEC trust anchors. This package is installed by default as
> a dependency of BIND, and it configures BIND to do DNSSEC validation.
> Unfortunately, the current version of this package (1.21) is outdated
> and contains old trust anchors.

what a great lesson


More information about the dns-operations mailing list