This is a notification just to let you know that ISC.org has released a new version of BIND, 9.7.1-P2. This reverses a change made in 9.7.1.
"The change attempted to correct the behavior of a validating recursive resolver when explicitly queried for records of the type 'RRSIG'. These queries do not occur in normal DNSSEC operation, because RRSIG records are ordinarily returned along with the records they cover. However, a type 'RRSIG; query can be used for manual testing purposes. As a result of the change in 9.7.1, if the cache did not contain any RRSIG records for the name, such a query would trigger an endless loop of recursive queries to the authoritative server."
This patch backs out that change, and this will be fixed in a future release. So, those of you that upgraded to 9.7.1-P1, you'll need to apply this patch.
It can be downloaded from
Jul 16th 2010
9 years ago