Fully automated DNSSEC with BIND 9.16
Petr Menšík
pemensik at redhat.com
Mon Apr 17 17:15:03 UTC 2023
You do not have to sift through lists. We provide quite detailed git
branch with each change we make. It has references to bugs related too.
I admit changes listed in release notes of bind9 releases are nicer. But
we do not hide what and why we do changes, publish them quite nice way
for c9s [1]. It would be the same c8s as well soon.
For important changes they are mentioned in release notes of the minor
release. But I admit we do not mention explicitly each bug we fix the
way ISC does. It would make our documentation unreadable.
In any case, even if we fall behind a couple of releases, any our
packages of bind 9.16 are capable of automated DNSSEC deployment just
fine. Sure, even we do not support it for RHEL7 or older.
[1] https://gitlab.com/redhat/centos-stream/rpms/bind/-/commits/c9s
On 4/17/23 15:10, Havard Eidnes wrote:
>> Our CentOS/RHEL 8 package are not just random BIND 9 snapshot.
> Then please let me suggest that there is possibly an issue with
> identification (customer said "9.16.23") and documentation of the
> actual changes that are incorprorated in your distribution, compared
> to the upstream-maintained patch releases published since that
> release. Sifting through those two lists and juding what's "needed"
> and what isn't quite quickly becomes an unmanageable task.
>
> Stability of the base version of BIND (perhaps in particular) should
> not be mis-interpreted as an indication of continuing operational
> safety.
>
> Otherwise I have sympathy with Ondřey Surý's message.
>
> Best regards,
>
> - Håvard
--
Petr Menšík
Software Engineer, RHEL
Red Hat, https://www.redhat.com/
PGP: DFCF908DB7C87E8E529925BC4931CA5B6C9FC5CB
More information about the bind-users
mailing list