Date:      Fri, 15 Aug 2008 19:58:07 -0500
From:      Tim Daneliuk <tundra@tundraware.com>
To:        Matthew Seaman <m.seaman@infracaninophile.co.uk>
Cc:        FreeBSD Mailing List <freebsd-questions@freebsd.org>
Subject:   Re: Updated 'bind' And FreeBSD 6.3
Message-ID:  <48A6261F.5030806@tundraware.com>
In-Reply-To: <48A60840.4070502@infracaninophile.co.uk>
References:  <48A5FB1B.4040001@tundraware.com> <48A60840.4070502@infracaninophile.co.uk>

Matthew Seaman wrote:
> Tim Daneliuk wrote:
>> Is there an expected date when the latest version of bind9 (that fixes
>> the recently discussed DNS vulnerability) will be merged into the
>> 6.3-STABLE tree?  I patch and update fairly regularly and
>> bind -v gives me: BIND 9.3.5-P1   I believe the patched version
>> is something like 9.5.0-P?...
>>
>> TIA,
> 
> Patches against the Kaminsky attack were released for all of the
> supported BIND branches.  9.3.5-P1 is a patched version.  You can verify
> that your bind is patched by using the DNS-OARC tester:
> 
>   https://www.dns-oarc.net/oarc/services/dnsentropy
> 
> or manually by:
> 
>   dig +short porttest.dns-oarc.net TXT
> 
> If it reports 'poor' you still need to fix your server.  Beware of NAT
> gateways which can reduce the randomness with which source ports are
> used in passing.
> 
>     Cheers,
> 
>     Matthew

Thanks all - I do indeed have the patches and can now no longer spend nights
worried about these ;)

-- 
----------------------------------------------------------------------------
Tim Daneliuk     tundra@tundraware.com
PGP Key:         http://www.tundraware.com/PGP/
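
Added example, not part of either message: a small shell check that interprets the TXT answer from the `dig +short porttest.dns-oarc.net TXT` query quoted above and also flags the NAT case Matthew mentions. The answer format, the sample answers, the addresses and the function names are assumptions constructed for illustration.

```shell
#!/bin/sh
# Assumed answer format (constructed samples, not captured output):
#   "<address> is <RATING>: <n> queries in <t> seconds from <p> ports with std dev <s>"
# <address> is taken to be the source address the test server saw.
# 192.0.2.0/24 and 198.51.100.0/24 are documentation ranges.
SAMPLE_PATCHED='"192.0.2.53 is GREAT: 26 queries in 4.0 seconds from 26 ports with std dev 17685"'
SAMPLE_NAT='"198.51.100.1 is POOR: 26 queries in 4.1 seconds from 26 ports with std dev 7"'

# porttest_field TEXT FIELD -> prints one of: address | rating | ports | stddev
porttest_field() {
    printf '%s\n' "$1" | tr -d '"' | awk -v want="$2" '
        $2 == "is" && / ports with std dev / {
            rating = $3; sub(/:$/, "", rating)
            for (i = 1; i <= NF; i++) if ($i == "ports") ports = $(i - 1)
            if (want == "address") print $1
            if (want == "rating")  print rating
            if (want == "ports")   print ports
            if (want == "stddev")  print $NF
            exit
        }'
}

# check_resolver TEXT EXPECTED_ADDRESS
# Returns 0 = acceptable, 1 = POOR (server still needs fixing),
#         2 = answer not in the assumed format,
#         3 = acceptable, but seen from a different address than the
#             resolver's own, so a NAT gateway or forwarder was measured.
check_resolver() {
    rating=$(porttest_field "$1" rating)
    seen=$(porttest_field "$1" address)
    [ -n "$rating" ] || return 2
    [ "$rating" != "POOR" ] || return 1
    [ "$seen" = "$2" ] || return 3
    return 0
}

# Demo on the constructed samples, as if the resolver's own address were 192.0.2.53.
for s in "$SAMPLE_PATCHED" "$SAMPLE_NAT"; do
    rc=0; check_resolver "$s" 192.0.2.53 || rc=$?
    echo "$(porttest_field "$s" address) $(porttest_field "$s" rating) -> exit $rc"
done

# Live use (needs network; the last line of dig +short output is the TXT record):
#   check_resolver "$(dig +short porttest.dns-oarc.net TXT | tail -n 1)" 192.0.2.53
```

The second sample shows why the NAT caveat matters: 26 distinct ports with a tiny spread is what a gateway that hands out source ports sequentially looks like from outside, even when the resolver behind it is patched.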