"broken trust chain" for non-existing AAAA records
lst_hoe02 at kwsoft.de
lst_hoe02 at kwsoft.de
Mon Nov 29 22:40:13 UTC 2010
Zitat von Mark Andrews <marka at isc.org>:
>
> Is this still with BIND 9.7.0-P1 or something more recent? If it
> is still BIND 9.7.0-P1 then please upgrade. There really is no
> point debugging validation failures in BIND 9.7.0-P1 anymore as the
> validator has had really extensive changes since then.
>
> Please remember, that unlike most of the rest of named, the validator
> is still very much "new" code that hasn't had millions of users
> exercising it in the real world like the rest of the code base has.
> As a result it is still changing as we run into real world patterns
> that have not been seen in the lab or by those of us that have been
> running it in production for several years. If you are validating
> you really need to follow the releases we make.
I was afraid of that. If using a pre-packed system you get only
(backported) security fixes most of the time and managing a self
compiled packaging is the thing one tries to avoid in using a
pre-packed system :-(
I have not suspected that the code changed that much with minor
version numbers, but of course this may not apply to DNSSEC.
I will try if i can get a "clean" update from source.
Thanks for the help
Andreas
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 6046 bytes
Desc: S/MIME Cryptographic Signature
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20101129/af1d4c26/attachment.bin>
More information about the bind-users
mailing list