Re: bind9 shipping outdated root hint file (etc.)
- Date: Tue, 8 Aug 2017 21:43:28 +0000 (UTC)
- From: Bernhard Schmidt <berni@xxxxxxxxxx>
- Subject: Re: bind9 shipping outdated root hint file (etc.)
Chris Lamb <lamby@xxxxxxxxxx> wrote:
> It was just mentioned "en passant" in a conversation at DebConf that
> bind9 is shipping a root hint file from 2003.
FWIW, the bug about this is #860794. I have just upgraded it to grave
since DNSSEC validation will stop working in October, and it has not
been fixed anywhere.
> I had a quick glance at the bug list and saw it was a little larger
> than I would have liked for what is clearly a critical piece and
> infrastructure. :)
> Lamont, can you comment? Anyone interested in helping out here…?
I'd be willing to help here. I rely on BIND at work and we have started
to roll our own packages anyway, mostly due to 9.11 not making it into
Stretch which we need for DNSSEC key management. But I think bind9
deserves a larger team.