Re: bind9 shipping outdated root hint file (etc.)

2017-08-19 Thread Jonathan de Boyne Pollard
Robert Edmonds: The only package in the archive that I know of that has a seriously deficient set of root hints is djbdns; it has 11/13 of the current set of IPv4 root server addresses, and 0/13 IPv6 root server addresses. (However, I don't believe the 'djbdns' binary package ships with the IP

Re: bind9 shipping outdated root hint file (etc.)

2017-08-08 Thread James Andrewartha
[not subscribed, please cc:] Hi Robert, LaMont, I'm familiar with the original conversation, so I had a look and found that the server had been installed in 2003, and that /etc/bind/db.root is a conffile, so perhaps there's historically a packaging problem where it's not being updated automatical

Re: bind9 shipping outdated root hint file (etc.)

2017-08-08 Thread Robert Edmonds
Chris Lamb wrote: > It was just mentioned "en passant" in a conversation at DebConf that > bind9 is shipping a root hint file from 2003. No, this is just wrong. The hints file shipped in the bind9 package in stretch is from 2016: ; This file holds the information on root name servers ne

Re: bind9 shipping outdated root hint file (etc.)

2017-08-08 Thread Bernhard Schmidt
Bernhard Schmidt wrote: > Chris Lamb wrote: > >> It was just mentioned "en passant" in a conversation at DebConf that >> bind9 is shipping a root hint file from 2003. > > FWIW, the bug about this is #860794. I have just upgraded it to grave > since DNSSEC validation will stop working in October,

Re: bind9 shipping outdated root hint file (etc.)

2017-08-08 Thread LaMont Jones
On Tue, Aug 08, 2017 at 04:47:27PM -0400, Chris Lamb wrote: > It was just mentioned "en passant" in a conversation at DebConf that > bind9 is shipping a root hint file from 2003. The version of db.root in stretch is from Feb 17, 2016. I suspect that the comment originates from the fact that I've

Re: bind9 shipping outdated root hint file (etc.)

2017-08-08 Thread Bernhard Schmidt
Chris Lamb wrote: > It was just mentioned "en passant" in a conversation at DebConf that > bind9 is shipping a root hint file from 2003. FWIW, the bug about this is #860794. I have just upgraded it to grave since DNSSEC validation will stop working in October, and it has not been fixed anywhere.

bind9 shipping outdated root hint file (etc.)

2017-08-08 Thread Chris Lamb
Hi -devel, It was just mentioned "en passant" in a conversation at DebConf that bind9 is shipping a root hint file from 2003. I had a quick glance at the bug list and saw it was a little larger than I would have liked for what is clearly a critical piece and infrastructure. :) Lamont, can you co