DNSSEC with 9.7.2-P2

Lightner, Jeff jlightner at water.com
Fri Nov 12 15:45:57 UTC 2010


Not a hole if you look at the reasoning for Fedora itself.  It has a
short lifecycle and they expressly tell folks not to use it for
Production due to this.  It is meant to be bleeding edge for testing the
latest/greatest.   It is used as a test bed for what makes it into RHEL.


For Production (RPM based system) you should use RHEL or CentOS which
has a much longer life cycle.  (Speaking of which, RHEL6 was just put in
general release this week.)  Of course the downside to this is that they
often don't have the latest BIND packages built but they do backport
security fixes from later BIND packages into the earlier one and do add
some features from the later ones into the earlier one. 

-----Original Message-----
From: bind-users-bounces+jlightner=water.com at lists.isc.org
[mailto:bind-users-bounces+jlightner=water.com at lists.isc.org] On Behalf
Of Phil Mayers
Sent: Friday, November 12, 2010 10:33 AM
To: bind-users at lists.isc.org
Subject: Re: DNSSEC with 9.7.2-P2

On 12/11/10 14:51, Alan Clegg wrote:
> On 11/12/2010 7:49 AM, David Forrest wrote:
>> While running BIND 9.7.2-P2 built with defaults on F11
>
> [..]
>
>> and, on checking named.conf, I found the entry for br. as:
>> trusted-keys {
>>      "br." 257 3 5
>> "AwEAAdDoVnG9CyHbPUL2rTnE22uN66gQCrUW5W0NTXJBNmpZXP27w7PMNpyw3XCFQWP/XsT
>> 0pdzeEGJ400kdbbPqXr2lnmEtWMjj3Z/ejR8mZbJ/6OWJQ0k/2YOyo6Tiab1NGbGfs513y6d
>> y1hOFpz+peZzGsCmcaCsTAv+DP/wmm+hNx94QqhVx0bmFUiCVUFKU3TS1GP415eykXvYDjNp
>> y6AM=";
>> };
>
> If Fedora 11 (I'm assuming that is what "F11" is) has built in
> trust-anchors in the distributed named.conf, someone needs to talk to
> them...

They have, by bundling a copy of dnssec-conf. In addition, there is no 
system scheduled cron job to update these IIRC - the expectation was 
that RPM updates would do the job - and sadly F11 is now "off support", 
which is a bit of a hole in the reasoning :o(
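
A check an administrator could run against a named.conf like the one quoted in this thread: it lists every statically configured `trusted-keys` anchor and computes its RFC 4034 key tag, so each one can be compared with the DNSKEY the zone currently publishes. This is an added example, not part of the thread; the function names and the sample configuration (with a four-byte placeholder key) are constructed for illustration.

```python
import base64
import re
import struct

# One anchor inside a trusted-keys block: "zone." flags protocol algorithm "base64";
ANCHOR_RE = re.compile(r'"?([\w.-]+)"?\s+(\d+)\s+(\d+)\s+(\d+)\s+"([A-Za-z0-9+/=\s]+)"\s*;')
BLOCK_RE = re.compile(r'trusted-keys\s*\{(.*?)\}\s*;', re.S)


def key_tag(flags, protocol, algorithm, key_bytes):
    """RFC 4034 Appendix B key tag over the DNSKEY RDATA (not valid for algorithm 1)."""
    rdata = struct.pack("!HBB", flags, protocol, algorithm) + key_bytes
    acc = 0
    for i, byte in enumerate(rdata):
        acc += byte << 8 if i % 2 == 0 else byte
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF


def static_anchors(conf_text):
    """Return one dict per trust anchor hard-coded in a named.conf text."""
    # Comments are not interpreted (base64 may contain "//"), so a
    # commented-out block is reported too; that errs towards flagging.
    anchors = []
    for block in BLOCK_RE.findall(conf_text):
        for zone, flags, proto, alg, b64 in ANCHOR_RE.findall(block):
            flags, proto, alg = int(flags), int(proto), int(alg)
            # Key data wrapped across lines (as in the mail above) is rejoined.
            key = base64.b64decode("".join(b64.split()))
            anchors.append({
                "zone": zone,
                "sep": bool(flags & 0x0001),  # 257 = zone key + SEP bit (KSK)
                "algorithm": alg,
                "key_tag": key_tag(flags, proto, alg, key),
            })
    return anchors


# Constructed sample: the key is a 4-byte placeholder, not a real DNSKEY.
SAMPLE_CONF = '''
options { directory "/var/named"; };
trusted-keys {
    "example." 257 3 5
        "AQID
         BA==";
};
'''

if __name__ == "__main__":
    for a in static_anchors(SAMPLE_CONF):
        print("static anchor for %(zone)s alg=%(algorithm)d key_tag=%(key_tag)d" % a)
```

Any anchor it reports is one that only a package or manual update will ever change; compare the printed key tag with the tag of the zone's current DNSKEY before relying on it.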