author | dougb <dougb@FreeBSD.org> | 2010-03-03 05:45:24 +0000 |
---|---|---|
committer | dougb <dougb@FreeBSD.org> | 2010-03-03 05:45:24 +0000 |
commit | c52afe031a68f8430df41e7ab57296c1daefff9b | |
tree | 62d02001f69506ed0ec63ea339614e3658d10ebf /contrib/bind9/NSEC3-NOTES | |
parent | e901048f7a904e924f01096cc6dd1e754aba05a5 | |
Upgrade to version 9.6.2. This version includes all previously released
security patches to the 9.6.1 version, as well as many other bug fixes.
This version also incorporates a different fix for the problem we had
patched in contrib/bind9/bin/dig/dighost.c, so that file is now back
to being the same as the vendor version.
Due to the fact that the DNSSEC algorithm that will be used to sign the
root zone is only included in this version and in 9.7.x, those who wish
to do validation MUST upgrade to one of these prior to July 2010.
Diffstat (limited to 'contrib/bind9/NSEC3-NOTES')
-rw-r--r-- | contrib/bind9/NSEC3-NOTES | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/contrib/bind9/NSEC3-NOTES b/contrib/bind9/NSEC3-NOTES index d23b20e..3f8d8f9 100644 --- a/contrib/bind9/NSEC3-NOTES +++ b/contrib/bind9/NSEC3-NOTES @@ -35,7 +35,7 @@ will not be completely signed until named has had time to walk the zone and generate the NSEC and RRSIG records. Initially the NSEC record at the zone apex will have the OPT bit set. When the NSEC chain is complete the OPT bit will be cleared. Additionally when -the zone is fully signed the private type (default TYPE65535) records +the zone is fully signed the private type (default TYPE65534) records will have a non zero value for the final octet. The private type record has 5 octets. @@ -45,7 +45,7 @@ The private type record has 5 octets. complete flag (octet 5) If you wish to go straight to a secure zone using NSEC3 you should -also add a NSECPARAM record to the update request with the flags +also add a NSEC3PARAM record to the update request with the flags field set to indicate whether the NSEC3 chain will have the OPTOUT bit set or not. |
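Review bot: In the first hunk (@@ -35,7 +35,7 @@), the corrected line still gives the private type only as a parenthetical literal, "(default TYPE65534)", without saying where that default is set or how an operator finds the value in use on their server. The paragraph tells readers to watch this record's final octet to decide that the zone is fully signed, so the sentence should name the setting that controls the type. Anyone who wrote a completion check against the old TYPE65535 text will never see a match, which makes this correction worth a line in the commit log alongside the version bump. Minor: "non zero" in the context line after the change reads better as "non-zero".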
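Review bot: In the second hunk (@@ -45,7 +45,7 @@), the trailing context calls the flag the "OPTOUT bit", while the context lines of the first hunk call it the "OPT bit" ("will have the OPT bit set", "the OPT bit will be cleared"). If these are the same flag, use one name throughout; if they are different, say so explicitly, because a reader setting the NSEC3PARAM flags field from this text has to know which bit is meant. Since the record name was misspelled here, it is also worth checking the rest of the file for other occurrences of NSECPARAM. Minor: the changed line should read "an NSEC3PARAM record" rather than "a NSEC3PARAM record".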