diff options
Diffstat (limited to 'contrib/bind/DNSSEC')
-rw-r--r-- | contrib/bind/DNSSEC | 39 |
1 files changed, 0 insertions, 39 deletions
diff --git a/contrib/bind/DNSSEC b/contrib/bind/DNSSEC deleted file mode 100644 index 9230f86..0000000 --- a/contrib/bind/DNSSEC +++ /dev/null @@ -1,39 +0,0 @@ -$Id: DNSSEC,v 8.2 1999/10/12 18:23:27 ogud Exp $ - -DNSSEC Notes: - -This file contains description of two interoperabilty problems related -to DNSSEC that only affect sites using DNSSEC. - -1. All versions of bind-8 older than 8.2.2 - -Between versions 8.2.1 and 8.2.2 the printed format of SIG records -changed. As a result, using a signer, named and named-xfer of -differrent versions will cause parsing errors on signed zonefiles. -Included is an AWK program that converts old signed zone files to new -new format, see contrib/dns_signer/add_labels.awk -Usage: awk -f <path>/contrib/dns_signer/add_labels.awk <signed_zone >fixed_zone - -2. BIND-8.1 BIND-8.1.1 BIND-8.1.2 Interoperability - -If you wish to use BIND-8.1.x as a master server (either primary or -secondary) for DNSSEC signed zone you MUST apply the following patch -to the file src/bin/named/db_load.c. It fixes a bug that rejects -valid RSA signatures on load. -You can patch the file by running following command from this directory - patch -d bin/named <DNSSEC - ---- db_load.c.old Mon Oct 11 15:21:24 1999 -+++ db_load.c Mon Oct 11 15:21:38 1999 -@@ -1123,9 +1123,6 @@ - ERRTO("Signature too short"); - if (siglen > (NS_MD5RSA_MAX_BITS + 7) / 8) - ERRTO("Signature too long"); -- /* We rely on cp from parse */ -- if (*cp == 0) -- ERRTO("Signature starts with zeroes"); - break; - - case NS_ALG_EXPIRE_ONLY: - - |