Date: Fri, 15 Aug 2008 19:58:07 -0500
From: Tim Daneliuk <tundra@tundraware.com>
To: Matthew Seaman <m.seaman@infracaninophile.co.uk>
Cc: FreeBSD Mailing List <freebsd-questions@freebsd.org>
Subject: Re: Updated 'bind' And FreeBSD 6.3
Message-ID: <48A6261F.5030806@tundraware.com>
In-Reply-To: <48A60840.4070502@infracaninophile.co.uk>
References: <48A5FB1B.4040001@tundraware.com> <48A60840.4070502@infracaninophile.co.uk>

Matthew Seaman wrote:
> Tim Daneliuk wrote:
>> Is there an expected date when the latest version of bind9 (that fixes
>> the recently discussed DNS vulnerability) will be merged into the
>> 6.3-STABLE tree. I patch and update fairly regularly and
>> bind -v gives me: BIND 9.3.5-P1 I believe the patched version
>> is something like 9.5.0-P?...
>>
>> TIA,
>
> Patches against the Kaminsky attack were released for all of the
> supported BIND branches. 9.3.5-P1 is a patched version. You can verify
> that your bind is patched by using the dns oarc tester:
>
>    https://www.dns-oarc.net/oarc/services/dnsentropy
>
> or manually by:
>
>    dig +short porttest.dns-oarc.net TXT
>
> If it reports 'poor' you still need to fix your server. Beware of NAT
> gateways which can reduce the randomness with which source ports are
> used in passing.
>
> Cheers,
>
> Matthew

Thanks all - I do indeed have the patches and can now no longer spend
nights worried about these ;)

--
----------------------------------------------------------------------------
Tim Daneliuk     tundra@tundraware.com
PGP Key:         http://www.tundraware.com/PGP/
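The NAT caveat in the quoted reply can be checked locally by looking at the source ports your queries actually leave the network with. The following is an added example, not part of the original thread and not DNS-OARC's scoring: the port samples are constructed, and the function name and thresholds (`assess_ports`, `min_stdev`, `max_step`) are illustrative assumptions.

```python
import statistics

# Constructed samples: UDP source ports of 26 consecutive outbound queries,
# as a capture on the upstream side of the resolver would show them.
SAMPLES = {
    "unpatched_fixed_port": [53] * 26,
    "patched_behind_sequential_nat": list(range(1024, 1050)),
    "patched_direct": [49152, 10533, 61021, 23877, 5512, 38790, 57004, 14209,
                       30111, 64250, 2718, 45990, 19876, 52341, 8123, 35467,
                       60002, 27654, 12001, 41888, 55555, 3333, 33210, 47123,
                       16999, 62777],
}

def assess_ports(ports, min_stdev=3000.0, max_step=16):
    """Classify a port sample as fixed, sequential, narrow or random.

    min_stdev and max_step are illustrative assumptions, not the
    thresholds used by the DNS-OARC porttest service.
    """
    if len(ports) < 2:
        raise ValueError("need at least two observations")
    distinct = len(set(ports))
    stdev = statistics.pstdev(ports)
    steps = [b - a for a, b in zip(ports, ports[1:])]
    # Fraction of queries whose port is a small increment over the previous
    # one: the signature of a counter-based allocator such as a NAT gateway.
    seq_ratio = sum(1 for s in steps if 0 < s <= max_step) / len(steps)
    if distinct == 1:
        verdict = "fixed"
    elif seq_ratio >= 0.8:
        verdict = "sequential"   # many distinct ports, but predictable
    elif stdev < min_stdev:
        verdict = "narrow"       # unpredictable order, small port pool
    else:
        verdict = "random"
    return {"verdict": verdict, "distinct": distinct,
            "stdev": round(stdev, 1), "seq_ratio": round(seq_ratio, 2)}

if __name__ == "__main__":
    for name, ports in SAMPLES.items():
        print(name, assess_ports(ports))
```

The sequential sample uses 26 distinct ports yet is as predictable as a fixed port, which is why a patched resolver behind a port-rewriting gateway can still be reported as 'poor'.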