Re: bind 9.6.2 dnssec validation bug

2011-02-15 Thread Ollivier Robert
According to Chris H: Unless you need/allow recursion for your internal || stealth || seconds/slaves In fact, that's the _only_ reason I haven't already switched to unbound. I must be missing something, you can restrict/allow recursion. -- Ollivier ROBERT -=- FreeBSD: The Power to Serve!

Re: bind 9.6.2 dnssec validation bug

2011-02-11 Thread perryh
Ollivier Robert robe...@keltia.freenix.fr wrote: Or switch to unbound. ^^^ Cute name, but perhaps a tiny bit misleading as to the product's origin -- the first thing I thought of on seeing a name like that was the FSF. Not this time: although its development was

Re: bind 9.6.2 dnssec validation bug

2011-02-11 Thread Chris H
On Thu, February 10, 2011 2:47 pm, Ollivier Robert wrote: According to Russell Jackson: Looks like I should just suck it up and start using the bind97 port. Or switch to unbound. Unless you need/allow recursion for your internal || stealth || seconds/slaves In fact, that's the _only_

Re: bind 9.6.2 dnssec validation bug

2011-02-10 Thread Ollivier Robert
According to Russell Jackson: Looks like I should just suck it up and start using the bind97 port. Or switch to unbound. -- Ollivier ROBERT -=- FreeBSD: The Power to Serve! -=- robe...@keltia.freenix.fr In memoriam to Ondine : http://ondine.keltia.net/

bind 9.6.2 dnssec validation bug

2011-02-06 Thread Russell Jackson
I haven't seen any mention of this anywhere. Are there any plans to update BIND in the 8.1/8.2 branches? https://www.isc.org/announcement/bind-9-dnssec-validation-fails-new-ds-record -- Russell A. Jackson r...@csub.edu Network Analyst California State University, Bakersfield

Re: bind 9.6.2 dnssec validation bug

2011-02-06 Thread Jeremy Chadwick
On Sun, Feb 06, 2011 at 05:05:08PM -0800, Russell Jackson wrote: I haven't seen any mention of this anywhere. Are there any plans to update BIND in the 8.1/8.2 branches? https://www.isc.org/announcement/bind-9-dnssec-validation-fails-new-ds-record This was discussed vehemently in December

Re: bind 9.6.2 dnssec validation bug

2011-02-06 Thread Doug Barton
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 02/06/2011 20:58, Jeremy Chadwick wrote: | On Sun, Feb 06, 2011 at 05:05:08PM -0800, Russell Jackson wrote: | I haven't seen any mention of this anywhere. Are there any plans to | update BIND in the 8.1/8.2 branches? | |

Re: bind 9.6.2 dnssec validation bug

2011-02-06 Thread Russell Jackson
On 02/06/2011 10:16 PM, Doug Barton wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA256 On 02/06/2011 20:58, Jeremy Chadwick wrote: | On Sun, Feb 06, 2011 at 05:05:08PM -0800, Russell Jackson wrote: | I haven't seen any mention of this anywhere. Are there any plans to | update BIND in the