[dns-operations] Looking for wildcard record served by a stable signed TLD nameserver

Florian Weimer fw at deneb.enyo.de
Mon May 12 17:33:19 UTC 2014

* Mark Andrews:

> What's needed here is for OS maintainers to actually "maintain"
> their OS's by including maintenance releases of the software they
> are shipping and not just cherry-pick security fixes back into older
> releases.  There are bugs which don't rise to the level of requiring
> a security advisory but are still critical bugs which need to be fixed.

Common lore suggests that BIND is best compiled from source, so the
impact of downstreams in this area is fairly limited.  Sure, you get
the latest and greatest at the time of installation, but what happens
after that?

As far as I understand it, this is not about some version of BIND in
Fedora failing, but issues at ISP resolvers, so Fedora's maintenance
(which actually tracks upstream fairly aggressively) doesn't come into

