Over the first half of 2010, ICANN/IANA plan to sign the root zone . The DNSSEC signature will use SHA256 hashes, which are not supported in older but common versions of BIND. If you run BIND 9.6.0 or 9.6.0P1, you may have issues with these signatures. The bug was fixed in BIND 9.6.1.
From the ISC.org mailing list:
Intrusion Detection In-Depth - SANS London July 2019
Dec 15th 2009
9 years ago