NSEC3 validation fails for some wildcard records, in BIND pre-9.8.2b1 - consider updating 12.04LTS package
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
bind9 (Ubuntu) |
New
|
Undecided
|
Unassigned |
Bug Description
In some situations (a non-tiny zone size), BIND9.8 pre-9.8.2b1 fails to correctly validate NSEC3 records covering wildcard names.
This is recorded in BIND's CHANGES:
3175. [bug] Fix how DNSSEC positive wildcard responses from a
Ubuntu's stock configuration enables DNSSEC validation (this is good), but with 12.04 LTS being likely to be in production use for many more years, it would be helpful if this fix was back-ported. See https:/
Note that 14.04LTS uses BIND 9.9 which already contains this fix. This bug report is to request a fix to 12.04LTS.