[dns-operations] Please upgrade validators to at least BIND-9.7.2 before .com is signed
Florian Weimer
fweimer at bfk.de
Wed Feb 2 15:28:03 UTC 2011
* Duane Wessels:
> We recommend anyone using BIND 9.6.2 through 9.7.0 for DNSSEC validation
> upgrade to 9.7.2 or later prior to 31 March 2011 (when the DS record for
> .com is planned to be published in the root zone).
Thanks for the heads-up. It is appreciated.
Does ISC plan to fix this issue on the 9.6-ESV branch?
There is also another issue which has a similar impact on insecure
child zones, but it seems to materialize only if you use DLV without a
root trust anchor:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=607794
This other issue was reported to ISC a while ago.
--
Florian Weimer <fweimer at bfk.de>
BFK edv-consulting GmbH http://www.bfk.de/
Kriegsstraße 100 tel: +49-721-96201-1
D-76133 Karlsruhe fax: +49-721-96201-99
More information about the dns-operations
mailing list