Ubuntu
bind9 package

bind < 9.7.2 can return SERVFAIL for unsigned zones

Bug #713917 reported by Ryan Rawdon
This bug report is a duplicate of:  Bug #651875: Bind 9.7.0-P1 validation errors. Edit Remove
258
This bug affects 1 person
Affects Status Importance Assigned to Milestone
bind9 (Ubuntu)
New
Undecided
Unassigned

Bug Description

Binary package hint: bind9

https://lists.dns-oarc.net/pipermail/dns-operations/2011-February/006724.html

Per this dns-operations thread, this bug can cause operational issues for DNSSEC validating resolvers for .net and .com TLD zones (and perhaps others, I'm not quite sure what the scope of the bug is). The thread is an announcement on behalf of Verisign indicating the potential for operational impact when the com. zone is signed in March 2011.

Bug 651875 was created about this issue and is marked fix released though no visible action has been taken (and I don't seem to be able to change the status of or draw attention to that bug report).

I'm not sure if this is the correct response in terms of Ubuntu package management, but it seems that one of the potential responses to this is to put upgrade the bind9 package to 9.7.2 for all currently supported releases of Ubuntu as this has operational and perhaps security implications.

See original description
Ryan Rawdon (flieslikeabrick)
description: updated
description: updated
Revision history for this message
Jamie Strandboge (jdstrand) wrote :

Bug 651875 is marked as fixed in the development release (it has 1:9.7.2.dfsg.P3-1.1), but is Confirmed (and not fixed) for Ubuntu 10.04 LTS. As such, I am marking this bug as a duplicate.

visibility: private → public
To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.