On 2009-12-10 08:49, Niobos wrote:
Thank you very much for your help; I'll forward the conversation to the
bug-tracking list.
Since these are my first DNSSEC experiments, I just wanted to make sure that it
wasn't a problem with my understanding of the concept.
Niobos
This has been confirmed as a security-bug by ISC a while back. Due to
the potential exploit, they asked me not to release this information
until the fix was released.
BIND 9.6.1-P3 now contains the fix:
827. [security] Bogus NXDOMAIN could be cached as if valid. [RT #20712]
I can confirm that this version behaves as expected: keeps returning
SERVFAIL on bogus NXDOMAIN response.
Niobos
_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users