Bug 104569
Summary: | rfe: support for "delegation-only" |
---|---|
Product: | [Retired] Red Hat Raw Hide |
Component: | bind |
Version: | 1.0 |
Reporter: | Kaj J. Niemi <kajtzu> |
Assignee: | Daniel Walsh <dwalsh> |
QA Contact: | Ben Levenson <benl> |
Status: | CLOSED RAWHIDE |
Severity: | medium |
Priority: | medium |
Keywords: | FutureFeature |
Hardware: | All |
OS: | Linux |
Doc Type: | Enhancement |
CC: | chris.ricker, gowdy, paul.morgan, ralston, redhat, samuel, techwolf |
Last Closed: | 2003-09-17 13:46:55 UTC |

Description
Kaj J. Niemi
2003-09-17 11:23:38 UTC
*** Bug 104480 has been marked as a duplicate of this bug. ***

Added the patch in bind-9.2.2-23. Should be in rawhide soon.

It seems that zone "." { type delegation-only; }; will not work, only "com" etc. Can you include this list in a proper way? How can this be done? http://www.clubneon.com/files/named.delegation-only Thanks.

Created attachment 94600: new caching-nameserver srpm
/etc/named.conf also needs to be patched to activate the changes made in bind.

I agree. While technically not a bug, this fix is required for security features in other products to function properly; e.g., Sendmail and Postfix. Plus, having the fix available on RedHat would encourage wide adoption, which in turn would nullify the effects of VeriSign's "hijacking" of the purposes and RFC functions of the root servers.

The second BIND patch for this issue has been released. I can understand if you want to wait a day or two for the dust to settle (the first patch has minor issues), but at least make some sort of announcement that a new RPM will be forthcoming.

I think what would make more sense is to wait until BIND 9.2.3 is released, and then push out 9.2.3 as an "enhancement" errata for all supported systems. Up through BIND 9.2.2, ISC implemented the "delegation-only" patch, like so:

    zone "com" {
        type delegation-only;
    };

However, for BIND 9.2.3, all root zones will be delegation-only by default, and one will have to specifically exclude root zones which contain valid non-delegated data:

    options {
        root-delegation-only exclude { "de"; "lv"; "museum"; };
    };

I don't think Red Hat should encourage the "type delegation-only" behavior, since the ISC clearly intends to deprecate that behavior. Rather, I think Red Hat should put bind-9.2.3rc4 RPM into Rawhide now, to get a head start on testing it, so that hopefully once the ISC releases 9.2.3 final, it won't take that long to run it through all the Q&A testing and get it published as an errata update. Does this seem reasonable?
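
The two configuration styles quoted in this thread can be compared with a small model of the filtering rule. This is an added example, not part of the bug report and not BIND source code: it assumes the documented rule that a response from a delegation-only zone's servers is treated as NXDOMAIN unless its authority section carries a delegation below that zone, and the function names and sample responses are constructed for illustration.

```python
# Simplified model of delegation-only filtering (added example, not BIND code).
# Each response is assumed to come from the TLD's own name servers.
EXCLUDE = {"de", "lv", "museum"}  # exclude list quoted in the thread

def labels(name):
    return [l for l in name.lower().rstrip(".").split(".") if l]

def is_strict_subdomain(name, zone):
    n, z = labels(name), labels(zone)
    return len(n) > len(z) and n[len(n) - len(z):] == z

def enforced_zone(qname, delegation_only_zones=(), root_delegation_only=False,
                  exclude=EXCLUDE):
    """Return the TLD whose delegation-only rule covers qname, or None."""
    parts = labels(qname)
    if len(parts) < 2:  # the zone apex itself is never filtered
        return None
    tld = parts[-1]
    if tld in {z.lower().rstrip(".") for z in delegation_only_zones}:
        return tld  # zone "com" { type delegation-only; };
    if root_delegation_only and tld not in exclude:
        return tld  # options { root-delegation-only exclude { ... }; };
    return None

def filter_response(resp, **policy):
    """Return the rcode a resolver following this model would pass on."""
    zone = enforced_zone(resp["qname"], **policy)
    if zone is None:
        return resp["rcode"]
    delegated = any(rtype == "NS" and is_strict_subdomain(owner, zone)
                    for owner, rtype in resp["authority"])
    return resp["rcode"] if delegated else "NXDOMAIN"

# Constructed sample responses (not captured traffic).
REFERRAL = {"qname": "www.example.com", "rcode": "NOERROR",
            "answer": [], "authority": [("example.com", "NS")]}
WILDCARD = {"qname": "no-such-name.com", "rcode": "NOERROR",
            "answer": [("no-such-name.com", "A")], "authority": [("com", "NS")]}
DE_DATA = {"qname": "example.de", "rcode": "NOERROR",
           "answer": [("example.de", "A")], "authority": [("de", "NS")]}

if __name__ == "__main__":
    for name, resp in [("referral", REFERRAL), ("wildcard", WILDCARD), ("de", DE_DATA)]:
        print(name, filter_response(resp, root_delegation_only=True))
```

A normal referral passes through unchanged, a TLD-level wildcard answer becomes NXDOMAIN, and data served directly from an excluded TLD such as "de" is left alone.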