Bind (bind-server) users please upgrade

Philip Prindeville philipp_subx at redfish-solutions.com
Fri Dec 30 11:12:28 PST 2022


If you are using Bind9 then you should upgrade to the latest (9.18.10-1) package.  No, it's not a CVE.  It's a glitch where, if Bind comes up before your WAN port has stabilized, then you'll end up with bogus SOA and NS records for your root server keys because of a problem in how the journaled managed-keys get corrupted.

Details are here if you're interested: https://gitlab.isc.org/isc-projects/bind9/-/issues/2895

If you're on an older version, the fix is this:

rm -f /tmp/managed-keys.bind.jnl

rndc managed-keys refresh
rndc managed-keys sync





More information about the openwrt-devel mailing list