Evan Hunt <e...@isc.org> wrote:
> In 9.12.1 and the other upcoming maintenance releases, we've just reverted
> the change to validator.c that caused the problems. (That turns out to have
> the exact same effect as your patch does.)

Great, that will please my user, and I can use NTAs to work around the
problem until then.

> Apex CNAMEs are bogus, of course, but we do need to cope with them when
> they appear. We're going to revisit this issue in 9.12.2, once we've
> figured out how to solve the one problem without causing the other one.

I have said this already so I'm at risk of being a bore, but it would be
super cool if BIND could make use of the DS records (or PNEs) it gets in
referrals, instead of re-fetching them during validation. It should
provide a nice speed-up, as well as allowing the validator to avoid
looking into insecure subtrees, which will have the side-effect of
avoiding problems with apex CNAMEs.

f.anthony.n.finch  <d...@dotat.at>  http://dotat.at/  -  I xn--zr8h punycode
Fisher: Easterly 6 to gale 8, increasing severe gale 9 for a time in north.
Moderate or rough, occasionally very rough in north. Rain. Moderate or poor.
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list

Reply via email to