----------------------------------------------------------------------- Debian Stable Updates Announcement SUA 125-1 http://www.debian.org debian-release@lists.debian.org Robert Edmonds September 9th, 2017 ----------------------------------------------------------------------- Package : unbound Version : 1.6.0-3+deb9u1 [stretch] 1.4.22-3+deb8u3 [jessie] Importance : medium The keys used to authenticate the root DNS zone for DNSSEC are in the process of being updated. Currently two such keys are in use, but from October 11th only the newer key will be in use. Further information regarding the key change process can be found at https://www.icann.org/resources/pages/ksk-rollover unbound is a DNS resolver which can use DNSSEC in order to validate the integrity of responses to DNS queries. This update fixes an issue which meant that new installs of unbound performed between September 11th and October 11th would not be able to validate the root zones. The update also forces an upgrade of the dns-root-data package to the version included in SUA-123-1, ensuring that DNSSEC validation of the root zones will continue to operate as expected after the key rollover. If you use unbound with DNSSEC validation, we strongly recommend that you install this update. Upgrade Instructions -------------------- You can get the updated packages by adding the stable-updates archive for your distribution to your /etc/apt/sources.list: deb http://ftp.debian.org/debian stretch-updates main deb-src http://ftp.debian.org/debian stretch-updates main or deb http://ftp.debian.org/debian jessie-updates main deb-src http://ftp.debian.org/debian jessie-updates main You can also use any of the Debian archive mirrors. See http://www.debian.org/mirrors/list for the full list of mirrors. For further information about stable-updates, please refer to http://lists.debian.org/debian-devel-announce/2011/03/msg00010.html If you encounter any issues, please don't hesitate to get in touch with the Debian Release Team at debian-release@lists.debian.org
Attachment:
signature.asc
Description: This is a digitally signed message part