Web lists-archives.com

Re: bind9 shipping outdated root hint file (etc.)




Bernhard Schmidt <berni@xxxxxxxxxx> wrote:
> Chris Lamb <lamby@xxxxxxxxxx> wrote:
>
>> It was just mentioned "en passant" in a conversation at DebConf that
>> bind9 is shipping a root hint file from 2003.
>
> FWIW, the bug about this is #860794. I have just upgraded it to grave
> since DNSSEC validation will stop working in October, and it has not
> been fixed anywhere.

Err, not the root hint, but the very much more severe DNSSEC root key.

I think the current versions default to managed-keys which means they
should keep working on the rollover event as long as they have been
running for some time before, but new installations will break.

Bernhard