Bug#1020529: 1:9.16.33-1~deb11u1 security upgrade breaks DNSSEC setups

2022-09-24 Thread Ondřej Surý
I am currently inclining to revert the change. But it will silently break some configurations. There’s really no good option here, but I agree that breaking existing configurations is bad.

Ondrej
--
Ondřej Surý (He/Him)

> On 24. 9. 2022, at 4:27, Marc Dequènes wrote:
>
> Quack,
>
> First,

Bug#1020529: 1:9.16.33-1~deb11u1 security upgrade breaks DNSSEC setups

2022-09-23 Thread duck
Quack, First, Steinar, I had the same crash and you need to exclude 'inline-signing yes' if your zone uses 'allow-update' or 'update-policy'. A proper error message would have been welcome indeed. I was also struck by this breakage and my whole infra was down because I use unattended-upgrade

Bug#1020529: 1:9.16.33-1~deb11u1 security upgrade breaks DNSSEC setups

2022-09-22 Thread Steinar H. Gunderson
On Fri, Sep 23, 2022 at 12:09:45AM +0200, Ondřej Surý wrote:
> Nope, the plan to follow upstream releases was acked by both the security
> and release teams, so I am not doing anything really surprising here.

Well, it is really surprising to users :-) Other packages that have been doing the same t

Bug#1020529: 1:9.16.33-1~deb11u1 security upgrade breaks DNSSEC setups

2022-09-22 Thread Ondřej Surý
Control: severity -1 important

Nope, the plan to follow upstream releases was acked by both the security and release teams, so I am not doing anything really surprising here. BIND 9 packages are following the patch releases for each minor release (in the traditional major.minor.patch version tr

Bug#1020529: 1:9.16.33-1~deb11u1 security upgrade breaks DNSSEC setups

2022-09-22 Thread Steinar H. Gunderson
On Thu, Sep 22, 2022 at 08:13:53PM +0200, Ondřej Surý wrote:
> I am sorry this has caused inconvenience for you, but the original problem
> here was that the implicit inline-signing with the dnssec-policy was also
> problematic and causing other problems, see the upstream issue:
> https://gitlab

Bug#1020529: 1:9.16.33-1~deb11u1 security upgrade breaks DNSSEC setups

2022-09-22 Thread Ondřej Surý
Hi Steinar, I am sorry this has caused inconvenience for you, but the original problem here was that the implicit inline-signing with the dnssec-policy was also problematic and causing other problems, see the upstream issue: https://gitlab.isc.org/isc-projects/bind9/-/issues/3381 Especially th

Bug#1020529: 1:9.16.33-1~deb11u1 security upgrade breaks DNSSEC setups

2022-09-22 Thread Steinar H. Gunderson
Package: bind9
Version: 1:9.16.33-1~deb11u1
Severity: grave

Hi,

After applying the security updates for DSA 5235-1, named completely breaks and refuses to start. (This caused downtime in production for us.) The reason seems to be that the patch includes a full minor version bump, including policy