Date: Wed, 9 Jul 2008 11:29:25 -0700 (PDT) From: Jason Stone <jason@shalott.net> To: Peter Thoenen <peter.thoenen@yahoo.com> Cc: freebsd-security@freebsd.org, remko@elvandar.org Subject: Re: BIND update? Message-ID: <alpine.BSF.1.00.0807091039120.34772@treehorn.dfmm.org> In-Reply-To: <4874DD4B.5020608@yahoo.com> References: <17cd1fbe0807090819o2aa28250h13c58dbe262abb7c@mail.gmail.com> <3a558cb8f79e923db0c6945830834ba2.squirrel@galain.elvandar.org> <4874DD4B.5020608@yahoo.com>
next in thread | previous in thread | raw e-mail | index | archive | help
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I don't agree with the criticism of the security team; it takes a lot of time to test things and make sure that changes and patches work within the larger context of a complete system. And what I like about FreeBSD is that it's a complete system, not just a collection of disjoint parts like some other popular unix-like systems out there.... However, I also don't agree with this: > its really not a CRITICAL patch .. its more of a when you get around to > it seriously. CERT and others have been saying for years that protecting DNS infrastructure is a critical component in protecting the security of the entire internet, and I strongly agree. DNS spoofing and cache poisoning are an big part of how Windows boxes get rooted, and a more robust DNS infrastructure might go a long way in slowing the spread of the zombie armies. Many folks in the hosting world use BIND on FreeBSD to provide DNS resolvers for their clients, and this is _not_ a trivial issue for them. -Jason -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (FreeBSD) Comment: See https://private.idealab.com/public/jason/jason.gpg iD8DBQFIdQOFswXMWWtptckRAlgBAJ9fyqJomRiszRJuub6blvV+uXv4RgCg8Q3E wVqCrYVcKV7PjTHSyGuCyGY= =ZU6f -----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?alpine.BSF.1.00.0807091039120.34772>