Not a hole if you look at the reasoning for Fedora itself. It has a short lifecycle and they expressly tell folks not to use it for Production due to this. It is meant to be bleeding edge for testing the latest/greatest. It is used as a test bed for what makes it into RHEL.
For Production (RPM based system) you should use RHEL or CentOS which has a much longer life cycle. (Speaking of which, RHEL6 was just put in general release this week.) Of course the downside to this is that they often don't have the latest BIND packages built but they do backport security fixes from later BIND packages into the earlier one and do add some features from the later ones into the earlier one. -----Original Message----- From: bind-users-bounces+jlightner=water....@lists.isc.org [mailto:bind-users-bounces+jlightner=water....@lists.isc.org] On Behalf Of Phil Mayers Sent: Friday, November 12, 2010 10:33 AM To: bind-users@lists.isc.org Subject: Re: DNSSEC with 9.7.2-P2 On 12/11/10 14:51, Alan Clegg wrote: > On 11/12/2010 7:49 AM, David Forrest wrote: >> While running BIND 9.7.2-P2 built with defaults on F11 > > [..] > >> and, on checking named.conf, I found the entry for br. as: >> trusted-keys { >> "br." 257 3 5 >> "AwEAAdDoVnG9CyHbPUL2rTnE22uN66gQCrUW5W0NTXJBNmpZXP27w7PMNpyw3XCFQWP/XsT 0pdzeEGJ400kdbbPqXr2lnmEtWMjj3Z/ejR8mZbJ/6OWJQ0k/2YOyo6Tiab1NGbGfs513y6d y1hOFpz+peZzGsCmcaCsTAv+DP/wmm+hNx94QqhVx0bmFUiCVUFKU3TS1GP415eykXvYDjNp y6AM="; >> }; > > If Fedora 11 (I'm assuming that is what "F11" is) has built in > trust-anchors in the distributed named.conf, someone needs to talk to > them... They have, by bundling a copy of dnssec-conf. In addition, there is no system scheduled cron job to update these IIRC - the expectation was that RPM updates would do the job - and sadly F11 is now "off support", which is a bit of a hole in the reasoning :o( _______________________________________________ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users Proud partner. Susan G. Komen for the Cure. Please consider our environment before printing this e-mail or attachments. ---------------------------------- CONFIDENTIALITY NOTICE: This e-mail may contain privileged or confidential information and is for the sole use of the intended recipient(s). If you are not the intended recipient, any disclosure, copying, distribution, or use of the contents of this information is prohibited and may be unlawful. If you have received this electronic transmission in error, please reply immediately to the sender that you have received the message in error, and delete it. Thank you. ---------------------------------- _______________________________________________ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users