[dns-operations] BIND validation problem with some DE zones [was: Operational Note -- DNSSEC for DE]
Larissa Shapiro
larissas at isc.org
Fri May 27 11:47:03 UTC 2011
Yes, we did. And, I don't think the changes file went out in the
advisory notices last night, (apologies for that, we were... running
hard) but we did.
Larissa
On 5/27/11 4:31 AM, Chris Thompson wrote:
> Last night I write
>
> [...]
>> I have a BIND patch from ISC against bug report 24631 which apparently
>> fixes the problem (it works for child.dnssec-bug.csi.cam.ac.uk anyway).
>> I will refrain from posting it here pending permission from ISC. (Not
>> that we could expect many BIND instances to get fixed before DENIC
>> unobscure the "de" DNSKEYs, anyway.)
>
> It turns out that ISC have slipped this into the new versions
> 9.6-ESV-R4-P1, 9.7.3-P1 and 9.8.0-P2 together with the ... umm,
> more serious bug fix! It is there in the CHANGES file as
> 3120. [bug] Named could fail to validate zones listed in a DLV
> that validated insecure without using DLV and had
> DS records in the parent zone. [RT #24631]
>
--
Larissa Shapiro
Internet Systems Consortium Product Manager
Technology Leadership for the Common Good
+1 650 423 1335
www.isc.org
More information about the dns-operations
mailing list