In message , "Filippo Valsorda via RT" writes: > If dig +sigchase encounters a RRSIG with inception in the future it will > enter a tight endless loop. > > This is probably a DoS minor security vulnerability. > > It might be worth to check if the same verification code is used in other > products that might be affected. +sigchase is off by default at compile time in part because it is contributed code which hasn't had all the bugs removed from it. The validator used in both named and delv has a different design to the one used in dig +sigchase. Mark -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: marka@isc.org