ISC have issued an announcement at
https://www.isc.org/announcement/bind-9-dnssec-validation-fails-new-ds-record
Note: 9.6.3 is now out, and 9.6-ESV-R3 "will not give complete protection",
probably because although it has change 2890 it is missing change 2904.
--
Chris Thompson University of Cambridge Computing Service,
Email: [log in to unmask] New Museums Site, Cambridge CB2 3QH,
Phone: +44 1223 334715 United Kingdom.
|