background information on the dnssec-conf issue

Paul Wouters paul at xelerance.com
Tue Feb 16 17:07:54 UTC 2010


On Thu, 11 Feb 2010, Paul W. Frields wrote:

>  Fedora 11: https://admin.fedoraproject.org/updates/F11/FEDORA-2010-1696
>  Fedora 12: https://admin.fedoraproject.org/updates/F12/FEDORA-2010-1748

For those interested in some more background information about the
chain of events on the dnssec-conf stale trust anchor with the bind bug,
please see:

http://www.potaroo.net/ispcol/2010-02/rollover.pdf

My apologies for being responsible for some of the problems with dnssec-conf
and the initial update causing some bind installations to stop working, and
the extra work I caused rel-eng.

On the positive side, it seems Fedora has been responsible for quite a
large percentage of worldwide DNSSEC traffic, and has given valuable experience
to many parties involved, from TLDs to software vendors to the IETF.

Due to the maturity of the ISC DLV Registry, and the imminent signing
of the root in July, the dnssec-conf package (and its included trust
anchors) will be phased out as a dependency for the bind and unbound
packages. New stock bind and unbound installs will keep DNSSEC processing
enabled and will keep the ISC DLV Registry enabled.

If anyone has any questions, please email me.

Paul

