background information on the dnssec-conf issue

Paul Wouters paul at
Tue Feb 16 17:07:54 UTC 2010

On Thu, 11 Feb 2010, Paul W. Frields wrote:

>  Fedora 11:
>  Fedora 12:

For those interested in some more background information about the
chain of events on the dnssec-conf stale trust anchor with the bind bug,
please see:

My apologies for being responsible for some of the problems with dnssec-conf
and the initial update causing some bind installations to stop working, and
the extra work I caused rel-eng.

On the possitive side, it seems Fedora has been responsible for quite a
large perentage of world wide DNSSEC traffic, and has given valuable experience
to many parties involved, from TLD's to software vendors to the IETF.

Due to the maturity of the ISC DLV Registry, and the imminent signing
of the root in July, the dnssec-conf package (and its included trust
anchors) will be phased out as a dependancy for the bind and unbound
packages. New stock bind and unbound installs will keep DNSSEC processing
enabled and will keep the ISC DLV Registry enabled.

If anyone has any questions, please email me.


More information about the devel mailing list