BIND 9.7.1-P2 is now available. BIND 9.7.1-P2 is a SECURITY PATCH for BIND 9.7.1. BIND 9.7.1-P2 reverses a change that was introduced in BIND 9.7.1. The change attempted to correct the behavior of a validating recursive resolver when explicitly queried for records of type 'RRSIG'. These queries do not occur in normal DNSSEC operation, because RRSIG records are ordinarily returned along with the records they cover. However, a type-RRSIG query can be used for manual testing purposes. As a result of the change in 9.7.1, if the cache did not contain any RRSIG records for the name, such a query would trigger an endless loop of recursive queries to the authoritative server. BIND 9.7.1-P2 backs out the change, restoring the behavior prior to 9.7.1, which was not entirely correct but not harmful. It will be properly fixed in a future release. BIND 9.7.1-P2 can be downloaded from ftp://ftp.isc.org/isc/bind9/9.7.1-P2/bind-9.7.1-P2.tar.gz The PGP signature of the distribution is at ftp://ftp.isc.org/isc/bind9/9.7.1-P2/bind-9.7.1-P2.tar.gz.asc ftp://ftp.isc.org/isc/bind9/9.7.1-P2/bind-9.7.1-P2.tar.gz.sha256.asc ftp://ftp.isc.org/isc/bind9/9.7.1-P2/bind-9.7.1-P2.tar.gz.sha512.asc The signature was generated with the ISC public key, which is available at . A binary kit for Windows XP and Window 2003 is at ftp://ftp.isc.org/isc/bind9/9.7.1-P2/BIND9.7.1-P2.zip ftp://ftp.isc.org/isc/bind9/9.7.1-P2/BIND9.7.1-P2.debug.zip The PGP signature of the binary kit for Windows XP and Window 2003 is at ftp://ftp.isc.org/isc/bind9/9.7.1-P2/BIND9.7.1-P2.zip.asc ftp://ftp.isc.org/isc/bind9/9.7.1-P2/BIND9.7.1-P2.zip.sha256.asc ftp://ftp.isc.org/isc/bind9/9.7.1-P2/BIND9.7.1-P2.zip.sha512.asc ftp://ftp.isc.org/isc/bind9/9.7.1-P2/BIND9.7.1-P2.debug.zip.asc ftp://ftp.isc.org/isc/bind9/9.7.1-P2/BIND9.7.1-P2.debug.zip.sha256.asc ftp://ftp.isc.org/isc/bind9/9.7.1-P2/BIND9.7.1-P2.debug.zip.sha512.asc Changes since 9.7.1-P1: --- 9.7.1-P2 released --- 2931. [security] Temporarily and partially disable change 2864 because it would cause inifinite attempts of RRSIG queries. This is an urgent care fix; we'll revisit the issue and complete the fix later. [RT #21710]