Bind (bind-server) users please upgrade
Philip Prindeville
philipp_subx at redfish-solutions.com
Fri Dec 30 11:12:28 PST 2022
If you are using Bind9 then you should upgrade to the latest (9.18.10-1) package. No, it's not a CVE. It's a glitch where, if Bind comes up before your WAN port has stabilized, then you'll end up with bogus SOA and NS records for your root server keys because of a problem in how the journaled managed-keys get corrupted.
Details are here if you're interested: https://gitlab.isc.org/isc-projects/bind9/-/issues/2895
If you're on an older version, the fix is this:
rm -f /tmp/managed-keys.bind.jnl
rndc managed-keys refresh
rndc managed-keys sync