Date: Wed, 3 Sep 1997 02:00:02 -0700 (PDT)
From: tedm@toybox.placo.com
To: freebsd-bugs
Subject: Re: bin/4299: named is vulnerable to DNS spoofing
Message-ID: <199709030900.CAA01135@hub.freebsd.org>

The following reply was made to PR bin/4299; it has been noted by GNATS.

From: tedm@toybox.placo.com
To: freebsd-gnats-submit@freebsd.org, zigg@iserv.net
Cc:
Subject: Re: bin/4299: named is vulnerable to DNS spoofing
Date: 3 Sep 1997 01:06:30

Bind 8.1.1 and Bind 4.9.6 both fix this security hole. The ISC recommends moving to 8.1.1, but 4.9.6 compiles under FreeBSD 2.2.1 and 2.2.2 out of the box, and can be used as a drop-in replacement for the version that comes with FreeBSD. More difficult is replacement of the shared resolver library and the utilities that use it, necessitating part of the source tree being installed.

Certainly the most current version of bind ought to be used in future versions of FreeBSD.

The thing is, though, that running a nameserver shouldn't be done for no reason, even a caching-only one. The Internet is still friendly enough so that it is almost always easier to get someone else to serve your names for you than to go to the trouble of bringing up a nameserver yourself. If you are committed enough to running your own nameserver you should be following updates on the ISC's website and applying them as they are released.

This problem has been discussed on the CERT list, as well as mentioned in links from Network Solutions' website.

Ted