Public bug reported:

In some situations (a non-tiny zone size), BIND 9.8 pre-9.8.2b1 fails to
correctly validate NSEC3 records covering wildcard names.

This is recorded in BIND's CHANGES:

3175.   [bug]           Fix how DNSSEC positive wildcard responses from a
                        NSEC3 signed zone are validated.  Stop sending a
                        unnecessary NSEC3 record when generating such
                        responses. [RT #26200]

Ubuntu's stock configuration enables DNSSEC validation (this is good),
but with 12.04 LTS being likely to be in production use for many more
years, it would be helpful if this fix was back-ported.  See
https://lists.isc.org/pipermail/bind-users/2014-November/094191.html for
a recent example of this problem.

Note that 14.04 LTS uses BIND 9.9, which already contains this fix.  This
bug report is to request a fix to 12.04 LTS.

** Affects: bind9 (Ubuntu)
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1395216

Title:
  NSEC3 validation fails for some wildcard records, in BIND pre-9.8.2b1
  - consider updating 12.04LTS package

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/bind9/+bug/1395216/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
