Testing RFC 5011 key roll
Jan-Piet Mens
jpmens.dns at gmail.com
Sat Apr 18 07:13:36 UTC 2015
Edward,
the subject of this message piqued my interest ;-)
> 17-Apr-2015 10:17:02.083 starting BIND 9.10.0 -g -c rfc5011.conf
Very ouch. Much pain. Lots frustration. Many hairpulls. Mucho crash. ;)
Upgrade to 9.10.2 [1] in which Evan fixes the CVE we discovered on
RFC5011 rolls and, thankfully, adds comments to BIND's managed-keys.db
in which BIND then tells us nice things, e.g. whether key is trusted,
revoked, etc.
-JP
[1] https://kb.isc.org/article/AA-01257/0/BIND-9.10.2-Release-Notes.html
More information about the bind-users
mailing list