bind < 9.7.2 can return SERVFAIL for unsigned zones
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
bind9 (Ubuntu) |
New
|
Undecided
|
Unassigned |
Bug Description
Binary package hint: bind9
https:/
Per this dns-operations thread, this bug can cause operational issues for DNSSEC validating resolvers for .net and .com TLD zones (and perhaps others, I'm not quite sure what the scope of the bug is). The thread is an announcement on behalf of Verisign indicating the potential for operational impact when the com. zone is signed in March 2011.
Bug 651875 was created about this issue and is marked fix released though no visible action has been taken (and I don't seem to be able to change the status of or draw attention to that bug report).
I'm not sure if this is the correct response in terms of Ubuntu package management, but it seems that one of the potential responses to this is to put upgrade the bind9 package to 9.7.2 for all currently supported releases of Ubuntu as this has operational and perhaps security implications.
description: | updated |
description: | updated |
Bug 651875 is marked as fixed in the development release (it has 1:9.7.2. dfsg.P3- 1.1), but is Confirmed (and not fixed) for Ubuntu 10.04 LTS. As such, I am marking this bug as a duplicate.