[dns-operations] BIND and the upcoming .COM DNSSEC change

Florian Weimer fw at deneb.enyo.de
Sun Mar 27 18:45:07 UTC 2011

It's not clear to me how buggy versions of BIND (9.6-ESV, in
particular) react to DNSSEC-related changes as described in:


Will a server restart be sufficient in all cases, even if the resolver
has enabled DLV?

I'm also a bit concerned that 9.6-ESV is effectively end-of-life.
(There's another fix for zone availability issues under DNSSEC which
hasn't been back-ported to it, either.)  Have I missed a public
statement from ISC on this matter?

Background: I suppose Debian needs to issue an advisory, now without
the fix in code, and I want to get the facts straight.

More information about the dns-operations mailing list