Date: Fri, 15 Aug 2008 23:50:40 +0100 From: Matthew Seaman <m.seaman@infracaninophile.co.uk> To: Tim Daneliuk <tundra@tundraware.com> Cc: FreeBSD Mailing List <freebsd-questions@freebsd.org> Subject: Re: Updated 'bind' And FreeBSD 6.3 Message-ID: <48A60840.4070502@infracaninophile.co.uk> In-Reply-To: <48A5FB1B.4040001@tundraware.com> References: <48A5FB1B.4040001@tundraware.com>
next in thread | previous in thread | raw e-mail | index | archive | help
[-- Attachment #1 --] Tim Daneliuk wrote: > Is there an expected date when the latest version of bind9 (that fixes > the recently discussed DNS vulnerability) will be merged into the > 6.3-STABLE tree. I patch and update fairly regularly and > bind -v gives me: BIND 9.3.5-P1 I believe the patched version > is something like 9.5.0-P?... > > TIA, Patches against the Kaminsky attack were released for all of the supported BIND branches. 9.3.5-P1 is a patched version. You can verify that your bind is patched by using the dns oarc tester: https://www.dns-oarc.net/oarc/services/dnsentropy or manually by: dig +short porttest.dns-oarc.net TXT If it reports 'poor' you still need to fix your server. Beware of NAT gateways which can reduce the randomness with which source ports are used in passing. Cheers, Matthew -- Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard Flat 3 PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate Kent, CT11 9PW [-- Attachment #2 --] -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.9 (FreeBSD) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEAREIAAYFAkimCEYACgkQ8Mjk52CukIxjdwCgiOIoKVyBlifDKkYSxx8TjOUT yUwAnA9TmyTEOomXE8Fn5xxUthaLT0U+ =YAEi -----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?48A60840.4070502>