From owner-freebsd-security  Thu Nov 11 15:24:36 1999
Delivered-To: freebsd-security@freebsd.org
Received: from eastwood.aldigital.algroup.co.uk (eastwood.aldigital.algroup.co.uk [194.128.162.193])
	by hub.freebsd.org (Postfix) with ESMTP id EFB8414DEA
	for <security@FreeBSD.ORG>; Thu, 11 Nov 1999 15:24:32 -0800 (PST)
	(envelope-from adam@algroup.co.uk)
Received: from algroup.co.uk ([192.168.192.2]) by eastwood.aldigital.algroup.co.uk (8.8.8/8.6.12) with ESMTP id XAA23817; Thu, 11 Nov 1999 23:24:10 GMT
Message-ID: <382B5020.396D9FCC@algroup.co.uk>
Date: Thu, 11 Nov 1999 23:24:16 +0000
From: Adam Laurie <adam@algroup.co.uk>
X-Mailer: Mozilla 4.7 [en-gb] (Win98; I)
X-Accept-Language: en
MIME-Version: 1.0
To: agifford@infowest.com
Cc: security@FreeBSD.ORG
Subject: Re: BIND NXT Bug Vulnerability
References: <19991111213301.D44DE20F66@infowest.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

"Aaron D. Gifford" wrote:
> 
> Hmmm, looking at the ISC BIND web site page regarding versions and
> the various newly discovered problems that affect them, it appears
> that 8.1.2 is vulnerable to only 5 of the 6 new problems, but NOT
> the NXT bug.
> 
> A few fun things I discovered when upgrading from 8.1.2 to 8.2.2-P3
> include:
> 
>   The new version no longer supports "allow-query" sections in the
>   "hint" zone type.  The old 8.1.2 happily accepted them without
>   complaint.  When I restarted with the new version, this caused
>   my "." zone hits file to be rejected, so all queries to the outside
>   world stopped dead in the water until I removed that section.
> 
>   As was already mentioned in this thread, BIND's default installation
>   and startup location for the named.conf file is /etc/named.conf
>   while FreeBSD's is /etc/namedb/named.conf -- a quick symlink fixes
>   that too.

A most timely bit of info... Wish I'd read this a couple of hours ago!
:)

FYI, allow-transfer causes the same problem.

cheers,
Adam
--
Adam Laurie                   Tel: +44 (181) 742 0755
A.L. Digital Ltd.             Fax: +44 (181) 742 5995
Voysey House                  
Barley Mow Passage            http://www.aldigital.co.uk
London W4 4GB                 mailto:adam@algroup.co.uk
UNITED KINGDOM                PGP key on keyservers


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message