Re: bind9 shipping outdated root hint file (etc.)
- Date: Tue, 8 Aug 2017 21:47:34 +0000 (UTC)
- From: Bernhard Schmidt <berni@xxxxxxxxxxxxx>
- Subject: Re: bind9 shipping outdated root hint file (etc.)
Bernhard Schmidt <berni@xxxxxxxxxx> wrote:
> Chris Lamb <lamby@xxxxxxxxxx> wrote:
>> It was just mentioned "en passant" in a conversation at DebConf that
>> bind9 is shipping a root hint file from 2003.
> FWIW, the bug about this is #860794. I have just upgraded it to grave
> since DNSSEC validation will stop working in October, and it has not
> been fixed anywhere.
Err, not the root hint, but the very much more severe DNSSEC root key.
I think the current versions default to managed-keys which means they
should keep working on the rollover event as long as they have been
running for some time before, but new installations will break.