Bugzilla (bugzilla.redhat.com) will be under maintenance for infrastructure upgrades and will not be unavailable on July 31st between 12:30 AM - 05:30 AM UTC. We appreciate your understanding and patience. You can follow status.redhat.com for details.
Bug 1884530 - BIND stops DNSKEY lookup in get_dst_key() when a key with unsupported algorithm is found first [RHEL7]
Summary: BIND stops DNSKEY lookup in get_dst_key() when a key with unsupported algorit...
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: bind
Version: 7.9
Hardware: Unspecified
OS: Unspecified
high
high
Target Milestone: rc
: ---
Assignee: Petr Menšík
QA Contact: Petr Sklenar
URL:
Whiteboard:
Depends On: 1769876 1884532
Blocks:
TreeView+ depends on / blocked
 
Reported: 2020-10-02 08:36 UTC by Tomas Korbar
Modified: 2020-11-13 03:15 UTC (History)
8 users (show)

Fixed In Version: bind-9.11.4-26.P2.el7_9.2
Doc Type: If docs needed, set a value
Doc Text:
Clone Of: 1769876
Environment:
Last Closed: 2020-11-10 13:00:12 UTC
Target Upstream Version:


Attachments (Terms of Use)

Comment 2 Petr Menšík 2020-10-02 08:41:52 UTC
Unlike RHEL6, RHEL7 supports algorithms ECDSAP256SHA256 and ECDSAP384SHA384 just fine. But it does not support more recent algorithms ED25519 and ED448, which may lead into the same situation as RHEL6. To my knowledge, no top level domain uses such new algorithms, but that may change later.

Comment 11 errata-xmlrpc 2020-11-10 13:00:12 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: bind security and bug fix update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2020:5011


Note You need to log in before you can comment on or make changes to this bug.