"broken trust chain" for non-existing AAAA records

lst_hoe02 at kwsoft.de lst_hoe02 at kwsoft.de
Mon Nov 29 22:40:13 UTC 2010

Zitat von Mark Andrews <marka at isc.org>:

> Is this still with BIND 9.7.0-P1 or something more recent?  If it
> is still BIND 9.7.0-P1 then please upgrade.  There really is no
> point debugging validation failures in BIND 9.7.0-P1 anymore as the
> validator has had really extensive changes since then.
> Please remember, that unlike most of the rest of named, the validator
> is still very much "new" code that hasn't had millions of users
> exercising it in the real world like the rest of the code base has.
> As a result it is still changing as we run into real world patterns
> that have not been seen in the lab or by those of us that have been
> running it in production for several years.  If you are validating
> you really need to follow the releases we make.

I was afraid of that. If using a pre-packed system you get only  
(backported) security fixes most of the time and managing a self  
compiled packaging is the thing one tries to avoid in using a  
pre-packed system :-(
I have not suspected that the code changed that much with minor  
version numbers, but of course this may not apply to DNSSEC.
I will try if i can get a "clean" update from source.

Thanks for the help


-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 6046 bytes
Desc: S/MIME Cryptographic Signature
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20101129/af1d4c26/attachment.bin>

More information about the bind-users mailing list