[Bug 651875] [NEW] Bind 9.7.0-P1 validation errors
651875 at bugs.launchpad.net
Thu Sep 30 09:53:08 BST 2010
Public bug reported:
Binary package hint: bind9
Ubuntu 10.04 LTS still uses Bind 9.7.0-P1, which has a serious validation bug.
When turning on DNSSEC, NXdomains are reported as SERVFAILS:
; <<>> DiG 9.7.0-P1 <<>> www.bbc.net.uk aaaa
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 46074
See also the discussion on the Bind User list: http://www.mail-
archive.com/bind-users at lists.isc.org/msg05701.html
There was a proposed patch, but it was never released because Bind 9.7.0
is no longer supported by ISC, and should be upgraded to Bind 9.7.1-P2
Since DNSSEC is gaining momentum, and more and more TLD's and domains
are DNSSEC signed, this bug is starting to annoy more and more people
that rely on log errors for Bind when introducing DNSSEC.
** Affects: bind9 (Ubuntu)
Bind 9.7.0-P1 validation errors
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to bind9 in ubuntu.
More information about the Ubuntu-server-bugs