Deprecation notice for BIND 9.18: (root-)delegation-only option
Ondřej Surý
ondrej at isc.org
Wed Mar 22 16:36:00 UTC 2023
Hi,
in line with our deprecation policy, I am notifying the mailing list about our intent
to deprecated the delegation-only and root-delegation-only options. This is again
adept for expedited deprecation - it will be removed in BIND 9.20 and deprecated
in BIND 9.18.
The (root-)delegation-options were introduced as a countermeasure for the infamous
Site Finder by Verisign[1]. With the controversy around this and introduction of DNSSEC,
the likelihood of this happening is infinitesimal.
If you don't even know what those options does, the TL;DR is that it disables
the non-delegation records for configured domains (TLD), this in turns might
break legitimate TLDs like .de, .fr, .museum and others [2][3].
If you know a legitimate reason to keep those options, please describe the use case
here or in the issue mention below.
This is tracked under https://gitlab.isc.org/isc-projects/bind9/-/issues/3953
1. https://en.wikipedia.org/wiki/Site_Finder
2. https://circleid.com/posts/the_name_domain_disrupted_by_site_finder_patch
3. https://www.afnic.fr/en/observatory-and-resources/news/warning-for-bind-and-delegation-only-users/
Ondřej
--
Ondřej Surý (He/Him)
ondrej at isc.org
My working hours and your working hours may be different. Please do not feel obligated to reply outside your normal working hours.
More information about the bind-users
mailing list