Bug #45354 for bind9-public: improve logging of 5011 events

Report information

The Basics

Id:

45354

Status:

resolved

Priority:

Medium/Medium

Queue:

bind9-public

People

Owner:

Evan Hunt <Evan_Hunt@isc.org>

Requestors:

Evan Hunt <Evan_Hunt@isc.org>

Cc:

AdminCc:

BugTracker

Version Fixed:

9.9.11, 9.10.6, 9.10.6-S1, 9.11.2, 9.12.0

Version Found:

(no value)

Versions Affected:

(no value)

Versions Planned:

9.9.11, 9.10.6, 9.11.2, 9.9.11-S1, 9.10.6-S1

Priority:

P2 Normal

Severity:

S3 Low

CVSS Score:

(no value)

CVE ID:

(no value)

Component:

(no value)

Area:

feature

Dates

Created:	Wed, 07 Jun 2017 17:51:24 -0400
Updated:	Sat, 29 Jul 2017 00:01:41 -0400
Closed:	Tue, 27 Jun 2017 13:54:47 -0400

This bug tracker is no longer active.

Please go to our Gitlab to submit issues (both feature requests and bug reports) for active projects maintained by Internet Systems Consortium (ISC).

Due to security and confidentiality requirements, full access is limited to the primary maintainers.

History

Wed, 07 Jun 2017 17:51:24 -0400 Evan Hunt <Evan_Hunt@isc.org> - Ticket created

Subject:

improve logging of 5011 events

From https://wiki.isc.org/bin/view/Main/RootKeyRollImprovements: BIND should log all relevant events related to managed key rollovers, including: - Detection of new keys - Keys being added to the Trust Anchor set (i.e. after hold-time timer) - Key deletions Minimize logging of missing keys: IANA plan to temporarily publish the new KSK and leave it published for the RFC 5011 “add” hold-down time period (30 days) and then remove it from the zone again without revoking it. BIND will add the key to the list of trust anchors, and leave it there, but warns that there is a mismatch between the zone contents and the trust anchor list. Instead, this should be considered “business as usual” and not generate excessive warning messages.

Wed, 07 Jun 2017 18:47:55 -0400 Vicky Risk <vicky@isc.org> - Priority P2 Normal added

Wed, 07 Jun 2017 18:47:55 -0400 Vicky Risk <vicky@isc.org> - Versions Planned 9.9.11, 9.10.6, 9.11.2, 9.9.11-S1, 9.10.6-S1 added

Wed, 07 Jun 2017 18:47:56 -0400 Vicky Risk <vicky@isc.org> - Severity S3 Low added

Wed, 07 Jun 2017 18:47:56 -0400 Vicky Risk <vicky@isc.org> - Area feature added

Wed, 07 Jun 2017 18:54:04 -0400 Evan Hunt <Evan_Hunt@isc.org> - Queue changed from #6 to #7

Wed, 07 Jun 2017 18:54:04 -0400 Evan Hunt <Evan_Hunt@isc.org> - Untaken

Tue, 13 Jun 2017 00:34:54 -0400 Mark Andrews <marka@isc.org> - Given to Evan Hunt <Evan_Hunt@isc.org>

Tue, 20 Jun 2017 17:51:48 -0400 Brian Conry <bconry@isc.org> - Status changed from 'open' to 'review'

Tue, 27 Jun 2017 13:54:36 -0400 Evan Hunt <Evan_Hunt@isc.org> - Version Fixed 9.12.0, 9.11.2, 9.10.6, 9.9.11 added

Tue, 27 Jun 2017 13:54:47 -0400 Evan Hunt <Evan_Hunt@isc.org> - Status changed from 'review' to 'resolved'

Tue, 27 Jun 2017 20:06:59 -0400 Vicky Risk <vicky@isc.org> - Queue changed from #7 to bind9-public

Fri, 28 Jul 2017 22:59:34 -0400 Mark Andrews <marka@isc.org> - Version Fixed 9.12.0, 9.11.2, 9.10.6, 9.9.11 changed to 9.9.11, 9.10.6, 9.11.2, 9.12.0

Sat, 29 Jul 2017 00:01:41 -0400 Mark Andrews <marka@isc.org> - Version Fixed 9.9.11, 9.10.6, 9.11.2, 9.12.0 changed to 9.9.11, 9.10.6, 9.10.6-S1, 9.11.2, 9.12.0