[dns-operations] BIND validation problem with some DE zones [was: Operational Note -- DNSSEC for DE]
Chris Thompson
cet1 at cam.ac.uk
Fri May 27 11:31:24 UTC 2011
Last night I write
[...]
>I have a BIND patch from ISC against bug report 24631 which apparently
>fixes the problem (it works for child.dnssec-bug.csi.cam.ac.uk anyway).
>I will refrain from posting it here pending permission from ISC. (Not
>that we could expect many BIND instances to get fixed before DENIC
>unobscure the "de" DNSKEYs, anyway.)
It turns out that ISC have slipped this into the new versions
9.6-ESV-R4-P1, 9.7.3-P1 and 9.8.0-P2 together with the ... umm,
more serious bug fix! It is there in the CHANGES file as
3120. [bug] Named could fail to validate zones listed in a DLV
that validated insecure without using DLV and had
DS records in the parent zone. [RT #24631]
--
Chris Thompson University of Cambridge Computing Service,
Email: cet1 at ucs.cam.ac.uk New Museums Site, Cambridge CB2 3QH,
Phone: +44 1223 334715 United Kingdom.
More information about the dns-operations
mailing list