Date:      Mon, 23 Aug 1999 14:48:47 -0600 (MDT)
From:      Nick Rogness <nick@rapidnet.com>
To:        Nate Williams <nate@mt.sri.com>
Cc:        "Rodney W. Grimes" <freebsd@gndrsh.dnsmgr.net>, freebsd-security@FreeBSD.ORG
Subject:   Re: IPFW/DNS rules
Message-ID:  <Pine.BSF.4.05.9908231440100.85467-100000@rapidnet.com>
In-Reply-To: <199908232024.OAA01685@mt.sri.com>

On Mon, 23 Aug 1999, Nate Williams wrote:

> > 
> > Not a whole lot you can do here, other than keep on top of the latest
> > versions of bind from ISC. 

	This is true.  Even with blocking xfer-nets your DNS server can
	still be attacked.  The most common one is the DoS attack with
	version 4.9.7 ... which came shipped with FreeBSD for a while.

> 
> *sigh*  Guess Bind is really in the same category as sendmail then.
> Unfortunately, BIND has its hooks all over the system, including the C
> library.  Can I just install the named and not worry about anything
> else, leaving the system the same?  The box in question is running
> 2.2.8, and I *really* don't want to upgrade it if I can avoid it.

	I would probably get the new bind 8.9.2 and run that.  I don't
	remember what version of BIND comes with 2.2.8 but I thought it
	was either 4.9.7 or 8.9.1.  If it is 8.9.1, you can also run that
	with minimal problems.


*******************************************************************
Nick Rogness		     Shaw's Principle:
System Administrator	       Build a system that even a fool
RapidNet, INC   	       can use, and only a fool will
nick@rapidnet.com	       want to use it.
*******************************************************************




