question about bind bug fixed in 9.6.2-P2

Cathy Almond cathya at isc.org
Fri Jun 4 08:51:46 UTC 2010


Jack Tavares wrote:
> > From the release notes:
> >
> > --- 9.6.2-P2 released ---
> >
> > 2876. [bug]       Named could return SERVFAIL for negative responses
> >                   from unsigned zones. [RT #21131]
> >
> > Question:
> >
> > Does this bug only occur if dnssec is enabled?
> >
> > or only if dnssec validation is turned on?
You're only open to experiencing this problem if an answer passes
through the validator - so only if dnssec validation is enabled (meaning
that you also have to have a trust anchor configured too).  Per the ARM:

"To enable named to validate answers from other servers, the
dnssec-enable and dnssec-validation options must both be set to yes (the
default setting in BIND 9.5 and later), and at least one trust anchor
must be configured with a trusted-keys statement in named.conf."

> >
> > or will it (potentially) occur regardless of whether or not either
> > of these options are used?
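
A check for the three conditions in the ARM passage quoted in the reply above, as an added example that is not part of the original thread and not ISC code. Assumptions: the sample configuration and its key data are constructed placeholders, the defaults are the ones the quoted ARM text gives for BIND 9.5 and later, and `include` files and per-view options are not followed.

```python
import re
# Constructed sample named.conf; the key data is a placeholder, not a real key.
SAMPLE_CONF = '''
options {
    directory "/var/named";      // constructed path
    dnssec-enable yes;
    # dnssec-validation no;      (commented out, so the default applies)
};
/* trust anchor with placeholder key material */
trusted-keys { "example." 257 3 5 "PLACEHOLDERKEYDATA"; };
'''
# Quoted strings are matched first so comment markers inside them survive.
_TOKEN = re.compile(r'"[^"\n]*"|/\*.*?\*/|//[^\n]*|#[^\n]*', re.S)
_YES = ('yes', 'true', '1')

def top_level_blocks(text):
    """Yield (name, body) for each top-level `name ... { body };` statement."""
    depth, start, last_end, head = 0, 0, 0, []
    for i, ch in enumerate(text):
        if ch == '{':
            if depth == 0:
                head, start = text[last_end:i].split(), i + 1
            depth += 1
        elif ch == '}':
            depth -= 1
            if depth == 0 and head:
                yield head[0].lower(), text[start:i]
        elif ch == ';' and depth == 0:
            last_end = i + 1

def option(body, name, default):
    """Return an option's value from an options body, or the default."""
    m = re.search(r'(?<![\w-])' + re.escape(name) + r'\s+([\w-]+)\s*;', body)
    return m.group(1).lower() if m else default

def validator_active(conf_text):
    """True when answers would pass through the validator per the quoted ARM text."""
    text = _TOKEN.sub(lambda m: '""' if m.group(0)[0] == '"' else ' ', conf_text)
    opts, anchors = '', False
    for name, body in top_level_blocks(text):
        if name == 'options':
            opts = body
        elif name == 'trusted-keys' and body.strip():
            anchors = True
    # Assumption from the quoted ARM text: both options default to yes (9.5+).
    return (option(opts, 'dnssec-enable', 'yes') in _YES
            and option(opts, 'dnssec-validation', 'yes') in _YES and anchors)
```
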





More information about the bind-users mailing list