validating the fix for CVE-2025-40778
Petr Špaček
pspacek at isc.org
Mon Dec 15 07:53:47 UTC 2025
On 11. 12. 25 9:34, Veaceslav Revutchi wrote:
> On Wed, Dec 10, 2025 at 5:29 AM Darren Ankney <darren.ankney at gmail.com> wrote:
>>
>> Hi Veaceslav,
>>
>> I am able to resolve rawbank.cd using BIND 9.20.16:
>>
>
> Thank you, Darren, I see what you mean, using a local root does make a
> difference, I suppose that glue becomes more trustworthy.
>
> I was looking more for an explanation of why I was seeing different
> results on the three bind platforms, all supposedly patched for the
> CVE. The reply from Petr at ISC clarified it for me in the sense that the
> fix may be broken on that one system and I may need to follow-up with
> redhat.
>
> If I wanted to work around the poor setup at the root for ".cd" I
> understand I have options.
FTR the cd TLD delegation in root was fixed to avoid the cyclic
dependency and thus it cannot serve as a test vector anymore.
--
Petr Špaček
More information about the bind-users
mailing list