[Bug 651875] [NEW] Bind 9.7.0-P1 validation errors

Antoin Verschuren 651875 at bugs.launchpad.net
Thu Sep 30 09:53:08 BST 2010

Public bug reported:

Binary package hint: bind9

Ubuntu 10.04 LTS still uses Bind 9.7.0-P1, which has a serious validation bug.
When turning on DNSSEC, NXdomains are reported as SERVFAILS:

; <<>> DiG 9.7.0-P1 <<>> www.bbc.net.uk aaaa
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 46074

See also the discussion on the Bind User list: http://www.mail-
archive.com/bind-users at lists.isc.org/msg05701.html

There was a proposed patch, but it was never released because Bind 9.7.0
is no longer supported by ISC, and should be upgraded to Bind 9.7.1-P2
at least.

Since DNSSEC is gaining momentum, and more and more TLD's and domains
are DNSSEC signed, this bug is starting to annoy more and more people
that rely on log errors for Bind when introducing DNSSEC.

** Affects: bind9 (Ubuntu)
     Importance: Undecided
         Status: New

Bind 9.7.0-P1 validation errors
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to bind9 in ubuntu.

More information about the Ubuntu-server-bugs mailing list