DLV records for TLD's signed using RASSHA256 (and RSASHA512)
will be added DLV.ISC.ORG in the next few days.
BIND 9.6.0 and BIND 9.6.0-P1 do not correctly handle these
records and it is recommended that you upgrade to BIND 9.6.1
or later. Thi
On 1/14/2010 8:11 AM, Evan Hunt wrote:
>>> We hear you. Expect a decision in the next few days.
>>
>> So, has the decision been made?
>>
>> [I am tentatively planning on going to 9.7 in production round about Easter,
>> in good time for the RSASHA256-signed root zone in July, but it would be
>> ni
> >We hear you. Expect a decision in the next few days.
>
> So, has the decision been made?
>
> [I am tentatively planning on going to 9.7 in production round about Easter,
> in good time for the RSASHA256-signed root zone in July, but it would be
> nice to have a fall-back option.]
I'm sorry,
On Dec 15 2009, Evan Hunt wrote:
(Doug Barton wrote)
BIND 9.6.2 is in the "b1" phase atm, which means that there is plenty
of time to get SHA2 in there and get the release out before a signed
root goes live. I encourage the folks at ISC to do so, and if you
agree I encourage you to make your vo
In message , Chris Tho
mpson writes:
> (But it's not too obvious to me that adding support for a new signing
> algorithm should necessarily be considered a "major functional change".)
If it was *just* adding a new signing algorithm then yes it would be a minor
change. A lot more happened under t
> BIND 9.6.2 is in the "b1" phase atm, which means that there is plenty
> of time to get SHA2 in there and get the release out before a signed
> root goes live. I encourage the folks at ISC to do so, and if you
> agree I encourage you to make your voice heard.
We hear you. Expect a decision in th
Evan Hunt wrote:
>> BIND 9.6.2 is in the "b1" phase atm, which means that there is plenty
>> of time to get SHA2 in there and get the release out before a signed
>> root goes live. I encourage the folks at ISC to do so, and if you
>> agree I encourage you to make your voice heard.
>
> We hear you.
Chris Thompson wrote:
> (Evan Hunt)
>> Adding SHA-2 to 9.6.x would violate our policy of making major
>> functional changes only in major releases, so I don't expect we'll
>> do that. Given the odd circumstances you mentioned, I won't say for
>> certain that we won't--but I doubt it.
>>
>> 9.7.0 i
On Mon, Dec 14, 2009 at 08:05:40PM -0800,
Doug Barton wrote
a message of 44 lines which said:
> While this reminder is timely and helpful, more welcome would be the
> news that BIND 9.6.2 is going to have actual support for
> RSASHA{256|512}.
No, it won't. Migrating to >= 9.6.1 is necessary t
On Dec 15 2009, Doug Barton wrote:
While this reminder is timely and helpful, more welcome would be the
news that BIND 9.6.2 is going to have actual support for
RSASHA{256|512}. My cursory reading of the 9.6.2b1 code does not seem
to indicate that it does, although I would be happy to be proven
keover!http://SupersetSolutions.com/
Mark Andrews wrote:
> With upcoming deployment of RSASHA256 to sign the root zone, ISC
> would like to remind BIND 9.6.0 and BIND 9.6.0-P1 users that use
> DLV, but have not yet upgraded, that they will need to upgrade to
> a more recent version of BIND 9.6.x as B
With upcoming deployment of RSASHA256 to sign the root zone, ISC
would like to remind BIND 9.6.0 and BIND 9.6.0-P1 users that use
DLV, but have not yet upgraded, that they will need to upgrade to
a more recent version of BIND 9.6.x as BIND 9.6.0 and BIND 9.6.0-P1
will not correctly handle
Hello All,
Is there a new version of rndcstats.pl available for bind-9.6.0-P1?
Regards,
Hossein Ahmadi
Verizon Wireless
The information contained in this message and any attachment may be
proprietary, confidential, and privileged or subject to the work
product doctrine and thus
d transaction'. After
this point DDNS updates don't work any more.
Is named supposed to process DDNS updates after receiving the thaw command
but before completely loading the zone file ?
This is with BIND 9.6.0-P1 on Solaris 10.
Regards,
Tom
___
Carl Fretwell wrote:
> Hi Everyone
>
>
>
> I have installed BIND 9.6.0-P1 on a Windows Server 2003 x64 system but
> when I come to start the âISC BINDâ service I always get a 1067 error
> which I read somewhere was due to permissions so made sure the user
> account
Hi Everyone
I have installed BIND 9.6.0-P1 on a Windows Server 2003 x64 system but when I
come to start the "ISC BIND" service I always get a 1067 error which I read
somewhere was due to permissions so made sure the user account password etc was
correct still didn't fix the is
In message , Ray Phillips writes:
> > You need to call gdb correctly.
> >
> > gdb /usr/local/bin/nsupdate nsupdate.core
>
> Thanks Mark.
>
> Sorry, I (obviously) don't have much of a clue about using gdb.
Looks like you have hit this bug.
2547. [bug] openssl_link.c:
at openssl_link.c:251
#11 0x080b9e10 in dst_lib_init (mctx=0x817, ectx=0x8184000, eflags=0)
at dst_api.c:183
#12 0x0804c43a in main (argc=Cannot access memory at address 0x2
) at nsupdate.c:772
(gdb) quit
%
I just built and installed bind-9.6.0-P1 on NetBSD/i386 4.0 and nsupdate
doesn't
> I've built bind 9.6.0-P1 on NetBSD/i386 machines (versions 3.1, 4.0,
> 4.0.1 and 5.0_RC2) and discovered that nsupdate dumps core on the 4.x
> ones.
I just built and installed bind-9.6.0-P1 on NetBSD/i386 4.0 and nsupdate
doesn't crash for me. (Built with default pthread a
In message , Ray Phillips writes:
> I've built bind 9.6.0-P1 on NetBSD/i386 machines (versions 3.1, 4.0,
> 4.0.1 and 5.0_RC2) and discovered that nsupdate dumps core on the 4.x
> ones.
>
> The build process was just:
>
> % sh -c './configure --disable-threads
I've built bind 9.6.0-P1 on NetBSD/i386 machines (versions 3.1, 4.0,
4.0.1 and 5.0_RC2) and discovered that nsupdate dumps core on the 4.x
ones.
The build process was just:
% sh -c './configure --disable-threads > configure.log 2>&1'
% sh -c 'make > make.log 2
own. In the meantime, please file a
bug report on this with bind9-b...@isc.org.
Danny
>
> -Original Message-
> From: Danny Mayer [mailto:ma...@gis.net]
> Sent: Monday, January 26, 2009 4:49 AM
> To: Kobi Shachar
> Cc: bind-users@lists.isc.org
> Subject: Re: BIND 9.6
Danny Mayer wrote:
> Kobi Shachar wrote:
>> Recently I upgraded my bind machine to a new windows 2008 server web
>> edition 32 bit with 2 E5420 quad core CPU's.
>>
>> The server is configured with about 7000 master zone files.
>>
>>
>>
>> Since the upgrade, BIND hangs every 5-10 hours.
>>
>> I ch
onday, January 26, 2009 4:49 AM
To: Kobi Shachar
Cc: bind-users@lists.isc.org
Subject: Re: BIND 9.6.0-P1 on windows server 2008 32 bit hangs
Kobi Shachar wrote:
> Recently I upgraded my bind machine to a new windows 2008 server web
> edition 32 bit with 2 E5420 quad core CPU's.
>
> Th
Danny Mayer wrote:
> Kobi Shachar wrote:
>> Recently I upgraded my bind machine to a new windows 2008 server web
>> edition 32 bit with 2 E5420 quad core CPU's.
>>
>> The server is configured with about 7000 master zone files.
>>
>>
>>
>> Since the upgrade, BIND hangs every 5-10 hours.
>>
>> I ch
Kobi Shachar wrote:
> Recently I upgraded my bind machine to a new windows 2008 server web
> edition 32 bit with 2 E5420 quad core CPU's.
>
> The server is configured with about 7000 master zone files.
>
>
>
> Since the upgrade, BIND hangs every 5-10 hours.
>
> I checked the logs and I saw th
Recently I upgraded my bind machine to a new windows 2008 server web edition
32 bit with 2 E5420 quad core CPU's.
The server is configured with about 7000 master zone files.
Since the upgrade, BIND hangs every 5-10 hours.
I checked the logs and I saw these lines on the default log:
5-ינו-
...@lists.isc.org] On Behalf Of bsfin...@anl.gov
Sent: Thursday, 8 January 2009 9:15 AM
To: bind-users@lists.isc.org
Subject: Re: BIND 9.6.0-P1 is now available (rob_aust...@isc.org)
Echoing a complaint made recently -- I saw the announcements of the
-P1 patch for the various supported versions of BIND via
9.6.0-P1 is now available (rob_aust...@isc.org)
Echoing a complaint made recently -- I saw the announcements of the
-P1 patch for the various supported versions of BIND via the
bind-users digest. I used to get them also via some -announce
list at ISC, I do not remember the name, maybe bind-annou
Echoing a complaint made recently -- I saw the announcements of the
-P1 patch for the various supported versions of BIND via the
bind-users digest. I used to get them also via some -announce
list at ISC, I do not remember the name, maybe bind-annou...@isc.org .
And I noticed that the list archive
BIND 9.6.0-P1 is now available.
BIND 9.6.0-P1 is a SECURITY patch for BIND 9.6.0. It addresses a bug
in which return values from some OpenSSL functions were left unchecked,
making it theoretically possible to spoof answers from some signed
zones.
Bugs should be reported
31 matches
Mail list logo
