Bug 675467

Summary: Bind 9.7.0 has a DNSSEC problem
Product: Red Hat Enterprise Linux 5 Reporter: Chris Adams <linux>
Component: bind97Assignee: Adam Tkac <atkac>
Status: CLOSED ERRATA QA Contact:
Severity: urgent Docs Contact:
Priority: urgent    
Version: 5.6CC: azelinka, ovasik, swsnyder
Target Milestone: rcKeywords: ZStream
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2013-01-08 04:05:29 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Bug Depends On:    
Bug Blocks: 695381    

Description Chris Adams 2011-02-05 20:47:40 UTC 
The bind97 package is 9.7.0-P2, which has a problem handling DNSSEC validation when new DS records are inserted.  ISC recommends using 9.7.2 at a minimum to avoid this problem.

Since AFAIK the main use of the bind97 package is DNSSEC-validating resolvers, and this issue will hit when .COM is signed on March 31, 2011, it should be updated ASAP.

https://www.isc.org/announcement/bind-9-dnssec-validation-fails-new-ds-record
Comment 1 Adam Tkac 2011-02-14 13:16:25 UTC 
You are right this is important issue, thanks for the report.
Comment 2 Steve Snyder 2011-04-05 14:15:57 UTC 
If it is deemed to be an "important issue" then why has no update to the bind97 package been released?

March 31, 2011 has come and gone.
Comment 5 Steve Snyder 2011-04-05 17:41:22 UTC 
See also: Bug 693788
Comment 14 errata-xmlrpc 2013-01-08 04:05:29 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2013-0043.html