Evan Hunt <e...@isc.org> wrote: > > In 9.12.1 and the other upcoming maintenance releases, we've just reverted > the change to validator.c that caused the problems. (That turns out to have > the exact same effect as your patch does.)
Great, that will please my user, and I can use NTAs to work around the problem until then. > Apex CNAMEs are bogus, of course, but we do need to cope with them when > they appear. We're going to revisit this issue in 9.12.2, once we've > figured out how to solve the one problem without causing the other one. I have said this already so I'm at risk of being a bore, but it would be super cool if BIND could make use of the DS records (or PNEs) it gets in referrals, instead of re-fetching them during validation. It should provide a nice speed-up, as well as allowing the validator to avoid looking into insecure subtrees, which will have the side-effect of avoiding problems with apex CNAMEs. Tony. -- f.anthony.n.finch <d...@dotat.at> http://dotat.at/ - I xn--zr8h punycode Fisher: Easterly 6 to gale 8, increasing severe gale 9 for a time in north. Moderate or rough, occasionally very rough in north. Rain. Moderate or poor. _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
