Date: Thu, 10 Jul 2008 09:45:23 +1000 From: Mark Andrews <Mark_Andrews@isc.org> To: freebsd-security@freebsd.org Subject: Re: BIND update? Message-ID: <200807092345.m69NjNgf091485@drugs.dv.isc.org> In-Reply-To: Your message of "Wed, 09 Jul 2008 14:53:08 MST." <20080709215308.C4A662B7C00@mx5.roble.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Well as a developer of BIND I will tell you that my development platform is FreeBSD. FreeBSD drugs.dv.isc.org 6.3-STABLE FreeBSD 6.3-STABLE #19: Fri Apr 25 13:07:00 EST 2008 marka@drugs.dv.isc.org:/usr/obj/usr/src/sys/DRUGS i386 If Doug hasn't already updated the ports to use the -P1 I would expect him to do so shortly. Or you could all do it yourselves. It really is not that hard. Just check the PGP signatures on the tarball when you make the new checksums for the port. As for updating the base. There is still time to do this without panicing. Dan's method has not been released. Remember the only real solution to cache poisoning is to deploy DNSSEC. You can go out and do your part of that today. If you really cared about DNS security you would have done it already. It isn't that hard. Just use the defaults. http://www.isc.org/sw/bind/docs/DNSSEC_in_6_minutes.pdf Talk to your member(s) of parliment about getting the root signed and your cctld signed (only 4 have been signed last time I checked). If .SE and .BR can do it then your cctld can do it. ORG is in the process of getting DNSSEC added. Mark -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews@isc.org
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200807092345.m69NjNgf091485>