[dns-operations] BIND and the upcoming .COM DNSSEC change
Florian Weimer
fw at deneb.enyo.de
Sun Mar 27 18:45:07 UTC 2011
It's not clear to me how buggy versions of BIND (9.6-ESV, in
particular) react to DNSSEC-related changes as described in:
<http://www.verisignlabs.com/documents/BIND-DS-Servfail.pdf>
Will a server restart be sufficient in all cases, even if the resolver
has enabled DLV?
I'm also a bit concerned that 9.6-ESV is effectively end-of-life.
(There's another fix for zone availability issues under DNSSEC which
hasn't been back-ported to it, either.) Have I missed a public
statement from ISC on this matter?
Background: I suppose Debian needs to issue an advisory, now without
the fix in code, and I want to get the facts straight.
More information about the dns-operations
mailing list