[dns-operations] Please upgrade validators to at least BIND-9.7.2 before .com is signed

Florian Weimer fweimer at bfk.de
Wed Feb 2 15:28:03 UTC 2011


* Duane Wessels:

> We recommend anyone using BIND 9.6.2 through 9.7.0 for DNSSEC validation
> upgrade to 9.7.2 or later prior to 31 March 2011 (when the DS record for
> .com is planned to be published in the root zone).

Thanks for the heads-up.  It is appreciated.

Does ISC plan to fix this issue on the 9.6-ESV branch?

There is also another issue which has a similar impact on insecure
child zones, but it seems to materialize only if you use DLV without a
root trust anchor:

  http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=607794

This other issue was reported to ISC a while ago.

-- 
Florian Weimer                <fweimer at bfk.de>
BFK edv-consulting GmbH       http://www.bfk.de/
Kriegsstraße 100              tel: +49-721-96201-1
D-76133 Karlsruhe             fax: +49-721-96201-99


