Maintained by: NLnet Labs

[Unbound-users] SERVFAIL with *some* names in a DNSSEC+DLV signed zone

Paul Wouters
Tue Jun 30 16:15:26 CEST 2009


On Tue, 30 Jun 2009, W.C.A. Wijngaards wrote:

> I think the problem is the recent NSEC+RRSIG parse bug I fixed.  In the
> ANY queries that is present and can lead to the problem, the bug is
> triggered based on ordering in the packet, and this causes the
> randomness for you.
>
> So, it is fixed in subversion trunk and perhaps I should consider making
> a bugfix release :-)

the unbound in fedora rawhide has this patch already, but i had not yet
upgraded all fedora releases. There are now 4 svn patches against 1.3.0,
so perhaps a 1.3.1 release would indeed be a good idea.

Paul