2019-04-25 - News - Tony Finch
Last night, isc.org announced patch releases of BIND
I have upgraded our DNS servers to 9.12.4-P1 to address the TCP socket exhaustion vulnerability.
At the same time I have also relinked BIND with a more recent version of OpenSSL, so it is now able to validate the small number of domains that use the new Ed25519 DNSSEC algorithm.