From: Evan Hunt <each@isc.org>
Date: Tue, 16 Feb 2010 19:38:42 +0000 (+0000)
Subject: update README to include packet-storm known issue
X-Git-Tag: v9.7.0^2
X-Git-Url: http://git.ipfire.org/gitweb/?a=commitdiff_plain;h=975f01067b6b3ea4924fa2c1be47a61230d108d1;p=thirdparty%2Fbind9.git

update README to include packet-storm known issue
---

diff --git a/README b/README
index dcc869ebe17..f0e1d200328 100644
--- a/README
+++ b/README
@@ -79,6 +79,17 @@ BIND 9.7.0
 
 	Known issues in this release:
 
+	- A validating resolver that has been incorrectly configured with
+	  an invalid trust anchor will be unable to resolve names covered
+	  by that trust anchor.  In all current versions of BIND 9, such a
+	  resolver will also generate significant unnecessary DNS traffic
+	  while trying to validate.  The latter problem will be addressed
+	  in future BIND 9 releases.  In the meantime, to avoid these
+	  problems, exercise caution when configuring "trusted-keys":
+	  make sure all keys are correct and current when you add them,
+	  and update your configuration in a timely manner when keys
+	  roll over.
+
 	- In rare cases, DNSSEC validation can leak memory.  When this 
 	  happens, it will cause an assertion failure when named exits,
 	  but is otherwise harmless.  A fix exists, but was too late for