Verisign and Bind update

To: <debian-security@lists.debian.org>
Subject: Verisign and Bind update
From: "James Miller" <jimm@simutronics.com>
Date: Wed, 17 Sep 2003 10:12:01 -0500
Message-id: <[🔎] NDBBKABJBJCIJNAELLKEEECKJDAA.jimm@simutronics.com>
Reply-to: <jimm@simutronics.com>

Will the package maintainers of BIND be integrating the patches from
ISC-BIND to negate  Verisign's recent shenanigans?

--from ISC's web site --

In response to high demand from our users, ISC is releasing a patch for BIND
to support the declaration of "delegation-only" zones in caching/recursive
name servers. Briefly, a zone which has been declared "delegation-only" will
be effectively limited to containing NS RRs for subdomains, but no actual
data outside its apex (for example, its SOA RR and apex NS RRset). This can
be used to filter out "wildcard" or "synthesized" data from NAT boxes or
from authoritative name servers whose undelegated (in-zone) data is of no
interest.

Example named.conf entry for the zone:

zone "foo" {
     type delegation-only;
};
Release Candidates/Patches that support "delegation-only" zones:



->Jim

Reply to:

Follow-Ups:
- RE: Verisign and Bind update
  - From: "James Miller" <jimm@simutronics.com>
- Re: Verisign and Bind update
  - From: Ilkka Tuohela <hile@nixu.com>
- Re: Verisign and Bind update
  - From: Guido Hennecke <debian-security@debian.dyndns.org>

Prev by Date: unsubscribe
Next by Date: Pat on the back
Previous by thread: security updates vs. proposed-updates
Next by thread: RE: Verisign and Bind update
Index(es):
- Date
- Thread