[Dnssec-trigger] Add test for bind RT#21409 ?

W.C.A. Wijngaards wouter at nlnetlabs.nl
Wed Apr 24 11:35:45 UTC 2013


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Paul,

On 04/22/2013 09:09 PM, Paul Wouters wrote:
> 
> See https://bugzilla.redhat.com/show_bug.cgi?id=824219

The wildcard signature bug in bind in the upstream resolver.

> It would be useful for dnssec-trigger to detect this.

Can't we just wait for them to upgrade?  An actual wildcard detection
is very expensive.  There are few wildcards at the TLD level (DNSSEC
signed) to do the detection with.

More realistically, we could probe version.bind, the TXT record?

Best regards,
   Wouter

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.18 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBAgAGBQJRd8ORAAoJEJ9vHC1+BF+N85MQAKBPv9iu+/zKFDpNp9ncTM4f
PiyV/w9MFCN6vy9RPvDije9d2hA1m5VVc3gOoKo5Ux2EG8al5J2yCZO1e++zW2uG
Zis02P1fy+M2v8O9JpseHAg3z/hIozU+9JZjqpooJ3AVp43DNIOtZSE7Bw7ErDVN
KNBUEEXz8+Vg6mPGNqdlxn5fEsqeONkSSxkaqp0Dvn75/prgBa4ADFr6KwfeieR2
e6sEC19rcc3Ix4LHpKPRvHmwWHclt2PDLqeqPLWRgF0parDqv14HHYk0xoXXO7Z3
iDrQJrM7by86JxW0OYaOuvu5jeclPGkEdNyPmtI6CZd/YftrqX5VethDdJqgo74p
vx1bflNjOiilixuns7TBDcBvXF1Mwd5Ds669zK/DAItr6/qVR/vzKnkSF9gwfDu0
MuxW4znBmuvju2G+N7OpNg1HAw//fsN/tNfDCsAxX+8G2VTLiJRc8sU4YA1VCElP
sm5/0ke28YVp2uVjBc0xUNwUxhglk66cx7CY7OVq5nOGaH3Kzz4bRSk+7jsG/yVJ
wr7MtxTw1yAKBkFiWcXyTewieWUTZvLCqxlSVEkBbmp4puQbucj+joDuIJQ77AR7
eNSi0vgBbrvAh8Vodk4mdQ80I0roMbBkD2XDQA0KPOjAR8BxgnMHBwfHPnK9qOih
uLDs0Yth3yG1EsdnrB1w
=o6dM
-----END PGP SIGNATURE-----



More information about the dnssec-trigger mailing list