From owner-freebsd-security Wed Jun 26 18: 0: 4 2002 Delivered-To: freebsd-security@freebsd.org Received: from lariat.org (lariat.org [63.229.157.2]) by hub.freebsd.org (Postfix) with ESMTP id 447C737D6C2 for ; Wed, 26 Jun 2002 17:56:12 -0700 (PDT) Received: from mustang.lariat.org (IDENT:ppp1000.lariat.org@lariat.org [63.229.157.2]) by lariat.org (8.9.3/8.9.3) with ESMTP id SAA18188; Wed, 26 Jun 2002 18:55:40 -0600 (MDT) X-message-flag: Warning! Use of Microsoft Outlook is dangerous and makes your system susceptible to Internet worms. Message-Id: <4.3.2.7.2.20020626185228.00e8ad60@localhost> X-Sender: brett@localhost X-Mailer: QUALCOMM Windows Eudora Version 4.3.2 Date: Wed, 26 Jun 2002 18:55:37 -0600 To: Mark.Andrews@isc.org From: Brett Glass Subject: Re: FreeBSD Security Advisory FreeBSD-SA-02:28.resolv Cc: security@FreeBSD.ORG In-Reply-To: <200206270012.g5R0C8m0029482@drugs.dv.isc.org> References: Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org At 06:12 PM 6/26/2002, Mark.Andrews@isc.org wrote: > Provided you are behind a nameserver you trust that reconstructs > the answer you should be fine. > > BIND 9 reconstucts all answers (excluding forwarded UPDATES). > BIND 8 forwards some and reconstructs others. Could an exploit be set up as a forwarded UPDATE? (Forgive me if this is a naive question; I know that I need to become more familiar with DDNS.) If not, then installing BIND 9 and/or forcing clients to consult a BIND 9 server may be an acceptable workaround. --Brett To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message