[dns-operations] Outdated RIPE NCC Trust Anchors in Fedora Linux Repositories

Stephane Bortzmeyer bortzmeyer at nic.fr
Sun Feb 7 21:02:02 UTC 2010

On Fri, Feb 05, 2010 at 09:46:22AM -0800,
 Randy Bush <randy at psg.com> wrote 
 a message of 15 lines which said:

> what a great lesson

Like Shane said, yes, but which lesson? For me, it means you should
not put trust anchors in binary packages, unless there is an automatic
update mechanism (is it the case with RedHat?). Another possible
lesson is that you should use DLV and not rely on static files. 

(The signing of the root won't help since there is no announced
timeline for the delegation, the insertion of DS records. Even if
there was, ".arpa" is not signed.)

More information about the dns-operations mailing list