update README to include packet-storm known issue

author Evan Hunt <each@isc.org>

Tue, 16 Feb 2010 19:38:42 +0000 (19:38 +0000)

committer Evan Hunt <each@isc.org>

Tue, 16 Feb 2010 19:38:42 +0000 (19:38 +0000)
author Evan Hunt <each@isc.org>
Tue, 16 Feb 2010 19:38:42 +0000 (19:38 +0000)
committer Evan Hunt <each@isc.org>
Tue, 16 Feb 2010 19:38:42 +0000 (19:38 +0000)
diff --git a/README b/README

index dcc869ebe17d09c6869d7547f5dba2de21b0b056..f0e1d200328534de1ea176ebfc4b6c828bbad073 100644 (file)
--- a/README
+++ b/README
@@ -79,6 +79,17 @@ BIND 9.7.0
  
         Known issues in this release:
  
+       - A validating resolver that has been incorrectly configured with
+         an invalid trust anchor will be unable to resolve names covered
+         by that trust anchor.  In all current versions of BIND 9, such a
+         resolver will also generate significant unnecessary DNS traffic
+         while trying to validate.  The latter problem will be addressed
+         in future BIND 9 releases.  In the meantime, to avoid these
+         problems, exercise caution when configuring "trusted-keys":
+         make sure all keys are correct and current when you add them,
+         and update your configuration in a timely manner when keys
+         roll over.
+
         - In rare cases, DNSSEC validation can leak memory.  When this 
           happens, it will cause an assertion failure when named exits,
           but is otherwise harmless.  A fix exists, but was too late for
author	Evan Hunt <each@isc.org>
	Tue, 16 Feb 2010 19:38:42 +0000 (19:38 +0000)
committer	Evan Hunt <each@isc.org>
	Tue, 16 Feb 2010 19:38:42 +0000 (19:38 +0000)