Testing RFC 5011 key roll

Jan-Piet Mens jpmens.dns at gmail.com
Sat Apr 18 07:13:36 UTC 2015


The subject of this message piqued my interest ;-)

> 17-Apr-2015 10:17:02.083 starting BIND 9.10.0 -g -c rfc5011.conf

Very ouch. Much pain. Lots frustration. Many hairpulls. Mucho crash. ;)

Upgrade to 9.10.2 [1] in which Evan fixes the CVE we discovered on
RFC5011 rolls and, thankfully, adds comments to BIND's managed-keys.db
in which BIND then tells us nice things, e.g. whether a key is trusted,
revoked, etc.


[1] https://kb.isc.org/article/AA-01257/0/BIND-9.10.2-Release-Notes.html
