[UCI-Linux] [Fwd: Notice: dnssec-conf updates in Fedora 11 and 12]

Mike Iglesias iglesias at uci.edu
Tue Feb 9 15:00:00 PST 2010

For those of you using bind on Fedora 11 or 12...

-------- Original Message --------
Subject: Notice: dnssec-conf updates in Fedora 11 and 12
Date: Tue, 9 Feb 2010 17:29:27 -0500
From: Paul W. Frields <stickster at gmail.com>
Reply-To: fedora-list at redhat.com
To: devel-announce at lists.fedoraproject.org,        users
<users at lists.fedoraproject.org>,        Fedora Announcements
<announce at lists.fedoraproject.org>

The Fedora Project recently issued an update to the dnssec-conf
package, to fix an issue that caused Fedora 11 and 12 systems using
BIND (named) to put an inordinately heavy load on RIPE nameservers.
However, this update has been found to break some BIND configurations
as seen in this bug:


The problem occurs in these packages:


To determine if your system is affected, run the following command:

 rpm -q dnssec-conf

If one of the above package descriptors does not appear, your system
is not affected and you may safely ignore this message.  If you are
affected, please continue reading.

== Workaround ==

If you have already accepted this update, you can downgrade the
package and start the failed BIND (named) daemon again using these

 su -c 'yum downgrade dnssec-conf'
 su -c 'service named start'

== Solution ==

System owners running BIND name servers on Fedora 11 or 12 systems are
advised not to accept the specific dnssec-conf pacakge updates listed
above.  There are several ways to avoid these specific updates.

* If you use the PackageKit graphical client, or another graphical
  client, deselect the dnssec-conf update in the dialog that lists
  package updates.

* If you use the yum command-line client, use this command to exclude
  dnssec-conf from the list of packages to be updated:

  su -c 'yum --exclude=dnssec-conf update'

== Remediation ==

A new update is being prepared to address this problem for Fedora 11
and 12 users, and will be pushed to our mirrors as soon as possible.
Users who are not running BIND nameservers (named) on their Fedora 11
and 12 can safely disregard this notice.  When the new updates are
pushed, a follow-up announcement will be made here.  At that time,
affected system owners can safely accept the replacement updates.
announce mailing list
announce at lists.fedoraproject.org

More information about the UCI-Linux mailing list