[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: bind9 shipping outdated root hint file (etc.)



Bernhard Schmidt <berni@debian.org> wrote:
> Chris Lamb <lamby@debian.org> wrote:
>
>> It was just mentioned "en passant" in a conversation at DebConf that
>> bind9 is shipping a root hint file from 2003.
>
> FWIW, the bug about this is #860794. I have just upgraded it to grave
> since DNSSEC validation will stop working in October, and it has not
> been fixed anywhere.

Err, not the root hint, but the very much more severe DNSSEC root key.

I think the current versions default to managed-keys which means they
should keep working on the rollover event as long as they have been
running for some time before, but new installations will break.

Bernhard


Reply to: