Red Hat Bugzilla – Bug 104705
Delegation-only patch for bind
Last modified: 2007-03-27 00:09:51 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.4b) Gecko/20030516
Description of problem:
Please see Bug #104569
Please consult media for reports on verisign mis-handling .com / .net wildcards.
Please consider the effects on email systems / spam blocking / security.
Please include delegation patch in update to RH7.3 (or ALL) bind packages.
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Use non-patched bind
2. Permits wildcard lookup
3. BAD BAD BAD - please add patch
I agree. While technically not a bug, this fix is required for security
features in other products to function properly; eg, Sendmail and Postfix.
Plus, having the fix available on RedHat would encourage wide adoption, which
in turn would nullify the effects of VeriSign's "hijacking" of the purposes and
RFC functions of the root servers.
The second BIND patch for this issue has been released. I can understand if
you want to wait a day or two for the dust to settle (the first patch has minor
issues), but at least make some sort of announcement that a new RPM will be
Please add this patch to give RH users running bind the ability to block out
RedHat seems to be laging behind in their response to this issue, it's a serious
concern to many System Admins and should be addressed with a new RPM patch ASAP.
The patch is available on RawHide bind-9.2.2-23
No one who is following the ISC BIND9 list will want Bind-9.2.2-23, which only
contains the first ISC patch and is defective and creates problems. ISC's -P4
patch is apparently stable, and should be built & released as an RPM.