Bernhard Schmidt <be...@debian.org> wrote: > Chris Lamb <la...@debian.org> wrote: > >> It was just mentioned "en passant" in a conversation at DebConf that >> bind9 is shipping a root hint file from 2003. > > FWIW, the bug about this is #860794. I have just upgraded it to grave > since DNSSEC validation will stop working in October, and it has not > been fixed anywhere.
Err, not the root hint, but the very much more severe DNSSEC root key. I think the current versions default to managed-keys which means they should keep working on the rollover event as long as they have been running for some time before, but new installations will break. Bernhard