Date: Wed, 08 Jul 2015 19:27:56 +0200 From: Dan Lukes <dan@obluda.cz> To: Mark Felder <feld@FreeBSD.org> Cc: freebsd-security <freebsd-security@freebsd.org> Subject: Re: FreeBSD Security Advisory FreeBSD-SA-15:11.bind Message-ID: <559D5D9C.2020709@obluda.cz> In-Reply-To: <1436372961.2331021.318495625.381B9FCC@webmail.messagingengine.com> References: <20150707232549.4D7A31B0D@freefall.freebsd.org> <1436372961.2331021.318495625.381B9FCC@webmail.messagingengine.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On 07/08/15 18:29, Mark Felder: >> IV. Workaround >> >> No workaround is available, but hosts not running named(8) are not >> vulnerable. > Why is no workaround available? Can't you just disable DNSSEC > validation? > > dnssec-enable no; > dnssec-validation no; Well, it depend ... If someone is running DNSSEC validation, then turning it off is no solution. You may claim either "turn off named" or "power off the computer" to be available workaround ... Just my $0.02 Dan
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?559D5D9C.2020709>