Hello all,

I'm doing some testing with DNSSEC now that the root is signed, but it seems BIND-9.4.2-P2 (provided with OpenBSD 4.7) is not able to load the trust anchor:

Jul 18 19:35:22 rb600a named[11605]: loading configuration from '/etc/named.conf'
Jul 18 19:35:22 rb600a named[11605]: /etc/named.conf:38: configuring trusted key for '.': algorithm is unsupported
Jul 18 19:35:22 rb600a named[11605]: reloading configuration failed: failure

And if I use the DLV anchor, domains under the .org TLD are not reachable (because, if I understand correctly, the key is signed with RSASHA1-NSEC3-SHA1 and BIND-9.4 doesn't support it).

Is there any plan to upgrade BIND in the next release?
Or should I get used to the idea of manually upgrading all my existing and future servers to a newer version?

Thank you in advance,
Denis
