Bernhard Schmidt <be...@debian.org> wrote:
> Chris Lamb <la...@debian.org> wrote:
>> It was just mentioned "en passant" in a conversation at DebConf that
>> bind9 is shipping a root hint file from 2003.
> FWIW, the bug about this is #860794. I have just upgraded it to grave
> since DNSSEC validation will stop working in October, and it has not
> been fixed anywhere.
Err, not the root hint, but the very much more severe DNSSEC root key.
I think the current versions default to managed-keys which means they
should keep working on the rollover event as long as they have been
running for some time before, but new installations will break.