From owner-freebsd-security Wed Jan 22 14:58:19 2003 Delivered-To: freebsd-security@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id DF30137B401 for ; Wed, 22 Jan 2003 14:58:16 -0800 (PST) Received: from laptop.tenebras.com (laptop.tenebras.com [66.92.188.18]) by mx1.FreeBSD.org (Postfix) with SMTP id 1DCCD43F3F for ; Wed, 22 Jan 2003 14:58:16 -0800 (PST) (envelope-from kudzu@tenebras.com) Received: (qmail 76689 invoked from network); 22 Jan 2003 22:58:14 -0000 Received: from sapphire.tenebras.com (HELO tenebras.com) (192.168.188.241) by 0 with SMTP; 22 Jan 2003 22:58:14 -0000 Message-ID: <3E2F2205.3060306@tenebras.com> Date: Wed, 22 Jan 2003 14:58:13 -0800 From: Michael Sierchio User-Agent: Mozilla/5.0 (X11; U; Linux i386; en-US; rv:1.2b) Gecko/20021016 X-Accept-Language: en-us, en, fr-fr, ru MIME-Version: 1.0 To: Mike Hoskins Cc: freebsd-security@FreeBSD.ORG Subject: Re: Limiting icmp unreach response from 231 to 200 packets per second References: <20030122112600.G12348-100000@fubar.adept.org> In-Reply-To: <20030122112600.G12348-100000@fubar.adept.org> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Mike Hoskins wrote: > On Tue, 21 Jan 2003, Ronan Lucio wrote: > > >I think a good solution is install a DJB DNS Cache and leave it > >just to answer DNS queries. > > > If you can stand DJB's rhetoric. Sure, he seems like a smart enough > guy... If he wasn't such an a$$. I guess that's a problem with a lot of > "smart" people though. Yes, he's cranky and exigent. But BIND and Sendmail have a long history of security vulnerabilities, and of being generally porcine. Dan's long-standing cash reward offer for discovery of vulnerabilities in his software has never been claimed. djbdns works brilliantly, correctly separates caching server which performs recursive queries from the domain server which responds only to queries for which it is authoritative. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message