Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 08 Jul 2015 11:29:21 -0500
From:      Mark Felder <feld@FreeBSD.org>
To:        freebsd-security@freebsd.org
Subject:   Re: FreeBSD Security Advisory FreeBSD-SA-15:11.bind
Message-ID:  <1436372961.2331021.318495625.381B9FCC@webmail.messagingengine.com>
In-Reply-To: <20150707232549.4D7A31B0D@freefall.freebsd.org>
References:  <20150707232549.4D7A31B0D@freefall.freebsd.org>

next in thread | previous in thread | raw e-mail | index | archive | help


On Tue, Jul 7, 2015, at 18:25, FreeBSD Security Advisories wrote:
> 
> IV.  Workaround
> 
> No workaround is available, but hosts not running named(8) are not
> vulnerable.
> 

Why is no workaround available? Can't you just disable DNSSEC
validation?

dnssec-enable no;
dnssec-validation no;

In fact, don't they have to be explicitly enabled anyway?



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1436372961.2331021.318495625.381B9FCC>