From owner-freebsd-security Fri May 12 00:49:46 1995 Return-Path: security-owner Received: (from majordom@localhost) by freefall.cdrom.com (8.6.10/8.6.6) id AAA15157 for security-outgoing; Fri, 12 May 1995 00:49:46 -0700 Received: from gndrsh.aac.dev.com (gndrsh.aac.dev.com [198.145.92.241]) by freefall.cdrom.com (8.6.10/8.6.6) with ESMTP id AAA15142 for ; Fri, 12 May 1995 00:49:40 -0700 Received: (from rgrimes@localhost) by gndrsh.aac.dev.com (8.6.11/8.6.9) id AAA00443; Fri, 12 May 1995 00:48:21 -0700 From: "Rodney W. Grimes" Message-Id: <199505120748.AAA00443@gndrsh.aac.dev.com> Subject: Re: DNS Security Hole To: pst@Shockwave.COM (Paul Traina) Date: Fri, 12 May 1995 00:48:21 -0700 (PDT) Cc: kato@eclogite.eps.nagoya-u.ac.jp, FreeBSD-security@FreeBSD.org In-Reply-To: <199505120744.AAA06220@precipice.shockwave.com> from "Paul Traina" at May 12, 95 00:44:32 am X-Mailer: ELM [version 2.4 PL24] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Content-Length: 927 Sender: security-owner@FreeBSD.org Precedence: bulk > > Why would we ever want this under an #ifdef? > Sounds like it should always be applied. > > From: KATO Takenori > Subject: DNS Security Hole > > Resolver in FreeBSD 2.0 Release and FreeBSD-current doesn't support > "SUNSECURITY" option which appears in BIND-4.9.2. So I made a patch > to support this option. Code in this patch is derived from > BIND-4.9.3-BETA17 and its fatal bug is fixed. And the correct thing to do would be to import BIND-4.9.3-BETA17, but it seems last time this came up Paul Vixie was about to go to an official release. Is there any new status on that. I would prefer not to apply this patch only to have it conflict when the cvs import of the next official release of bind occured. -- Rod Grimes rgrimes@gndrsh.aac.dev.com Accurate Automation Company Custom computers for FreeBSD