From owner-freebsd-security Thu Nov 11 13:33: 7 1999
Delivered-To: freebsd-security@freebsd.org
Received: from infowest.com (ns1.infowest.com [204.17.177.10])
	by hub.freebsd.org (Postfix) with ESMTP id 44A3414BFE
	for ; Thu, 11 Nov 1999 13:33:02 -0800 (PST)
	(envelope-from root@infowest.com)
Received: by infowest.com (Postfix, from userid 0)
	id D44DE20F66; Thu, 11 Nov 1999 14:33:01 -0700 (MST)
To: security@freebsd.org
Subject: Re: BIND NXT Bug Vulnerability
Reply-To:
From: "Aaron D. Gifford"
Message-Id: <19991111213301.D44DE20F66@infowest.com>
Date: Thu, 11 Nov 1999 14:33:01 -0700 (MST)
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Hmmm, looking at the ISC BIND web site page regarding versions and the
various newly discovered problems that affect them, it appears that 8.1.2
is vulnerable to only 5 of the 6 new problems, but NOT the NXT bug.

A few fun things I discovered when upgrading from 8.1.2 to 8.2.2-P3
include:

The new version no longer supports "allow-query" sections in the "hint"
zone type. The old 8.1.2 happily accepted them without complaint. When I
restarted with the new version, this caused my "." zone hints file to be
rejected, so all queries to the outside world stopped dead in the water
until I removed that section.

As was already mentioned in this thread, BIND's default installation and
startup location for the named.conf file is /etc/named.conf while
FreeBSD's is /etc/namedb/named.conf -- a quick symlink fixes that too.

Aaron out.
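
A pre-upgrade check for the first issue described in the message above, as an added example that is not part of the original post or of BIND: it scans named.conf text for zones of type "hint" that also carry an "allow-query" clause. The sample configuration and all function names are constructed for illustration.

```python
import re

# named.conf tokens: the three comment styles, quoted strings, punctuation, bare words.
TOKEN = re.compile(r'/\*.*?\*/|//[^\n]*|#[^\n]*|"(?:[^"\\]|\\.)*"|[{};]|[^\s{};"]+', re.S)

# Constructed sample configuration (not taken from the original message).
SAMPLE = '''
options { directory "/etc/namedb"; allow-query { any; }; };  // global: fine
/* zone "old" { type hint; allow-query { any; }; }; */
zone "." {
    type hint;
    file "named.root";
    allow-query { any; };      # clause reported as rejected after the upgrade
};
zone "example.org" in { type master; allow-query { any; }; };  // not hint: fine
'''

def tokens(text):
    """Return significant tokens, dropping /* */, // and # comments."""
    return [t for t in TOKEN.findall(text) if not t.startswith(("/*", "//", "#"))]

def zone_blocks(toks):
    """Yield (name, statements) per zone; nested braces stay in one statement."""
    i = 0
    while i < len(toks):
        if toks[i] != "zone" or "{" not in toks[i:]:
            i += 1
            continue
        name = toks[i + 1].strip('"')
        k, depth, stmt, stmts = toks.index("{", i) + 1, 1, [], []
        while k < len(toks) and depth:
            t = toks[k]
            depth += (t == "{") - (t == "}")
            if depth == 1 and t == ";":      # end of a top-level zone statement
                stmts.append(stmt)
                stmt = []
            elif depth >= 1:                 # token belongs to the current statement
                stmt.append(t)
            k += 1
        yield name, stmts
        i = k

def hint_zones_with_allow_query(text):
    """Names of 'type hint' zones that also carry an allow-query clause."""
    return [name for name, stmts in zone_blocks(tokens(text))
            if ["type", "hint"] in stmts
            and any(s[:1] == ["allow-query"] for s in stmts)]

if __name__ == "__main__":
    print(hint_zones_with_allow_query(SAMPLE))
```

Run it against the real file's contents before restarting named on the new version; an empty list means no hint zone carries the clause.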