Control: tags -1 + confirmed On Tue, 2017-10-10 at 20:33 +0200, Christian Hofstaedtler wrote: > pdns before 4.0.4 replies incorrectly to DNS questions with the > DNSSEC query bit (DO) set, when the query also uses the "0x20" > mechanism to increase spoofing resistance. > > Unfortunately this is the configuration letsencrypt uses to check > for CAA records on domains. This implies letsencrypt being broken > for all users that have domains on pdns from stretch. >
+pdns (4.0.3-1+deb9u1) stable; urgency=medium Please make the changelog distribution "stretch", and feel free to upload. Does this also affect the package in jessie? Regards, Adam
