From owner-freebsd-security Mon Aug 23 13:50:52 1999 Delivered-To: freebsd-security@freebsd.org Received: from rapidnet.com (rapidnet.com [205.164.216.1]) by hub.freebsd.org (Postfix) with ESMTP id 3911214E4F for ; Mon, 23 Aug 1999 13:50:49 -0700 (PDT) (envelope-from nick@rapidnet.com) Received: from localhost (nick@localhost) by rapidnet.com (8.9.3/8.9.3) with ESMTP id OAA88696; Mon, 23 Aug 1999 14:48:47 -0600 (MDT) Date: Mon, 23 Aug 1999 14:48:47 -0600 (MDT) From: Nick Rogness To: Nate Williams Cc: "Rodney W. Grimes" , freebsd-security@FreeBSD.ORG Subject: Re: IPFW/DNS rules In-Reply-To: <199908232024.OAA01685@mt.sri.com> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Mon, 23 Aug 1999, Nate Williams wrote: > > > > Not a whole lot you can do here, other than keep on top of the latest > > versions of bind from ISC. This is true. Even with blocking xfer-nets your DNS server can still be attacked. The most common one is the DoS attack with version 4.9.7 ... which came shipped with FreeBSD for a while. > > *sigh* Guess Bind is really in the same category as sendmail then. > Unfortunately, BIND has it's hooks all over the system, including the C > library. Can I just install the named and not worry about anything > else, leaving the system the same? The box in question is running > 2.2.8, and I *really* don't want to upgrade it if I can avoid it. I would probably get the new bind 8.9.2 and run that. I don't remember what version of BIND comes with 2.2.8 but I thought it was either 4.9.7 or 8.9.1. If it is 8.9.1, you can also run that with minimal problems. ******************************************************************* Nick Rogness Shaw's Principle: System Administrator Build a system that even a fool RapidNet, INC can use, and only a fool will nick@rapidnet.com want to use it. ******************************************************************* To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message