To: aj@entic.net
Cc: ust@cert.siemens.de, mike@sentex.net, matt@BabCom.ORG, freebsd-security@FreeBSD.ORG, jseger@FreeBSD.ORG
Subject: Re: patch for bind8 port (was: BIND NXT Bug Vulnerability)
From: sthaug@nethelp.no
In-Reply-To: Your message of "Thu, 11 Nov 1999 07:57:00 -0800 (PST)"
Date: Fri, 12 Nov 1999 11:42:03 +0100
Message-ID: <45563.942403323@verdi.nethelp.no>

> |Here is a patch for the port.
>
> There was also a patch4, with a minor fix to the xfer code:
>
> ftp.isc.org/isc/bind/src/8.2.2-P3/patch4

This fix is definitely not minor in the sense of "little importance".
Without this fix:

- Zones will be *stored on disk* (by named-xfer) with two SOAs, because
  this is the format on the wire.

- Because they are stored on disk with two SOAs, they will be rejected
  by named the next time it tries to read the zones (for instance when
  it is restarted).

(Yes, we had this happen to us on a name server which is slave for around
12.000 zones. Not a pleasant experience.)

Steinar Haug, Nethelp consulting, sthaug@nethelp.no
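The condition described in the message above can be checked for before a restart: an AXFR stream begins and ends with the zone's SOA record, so a slave file written verbatim from the wire contains two. The Python below is an added example, not part of the original message or of BIND; it counts SOA records in a master-format zone file, and the zone name and address in the sample are constructed placeholders.

```python
import re

CLASSES = {"IN", "CH", "HS"}
TTL_RE = re.compile(r"(\d+[SMHDW]?)+")   # 3600, 1h30m

def clean(line):
    """Strip a ';' comment and blank out parens; return (text, paren delta)."""
    out, depth, quoted = [], 0, False
    for ch in line:
        if ch == '"':
            quoted = not quoted
        elif not quoted:
            if ch == ";":
                break
            if ch in "()":
                depth, ch = depth + (1 if ch == "(" else -1), " "
        out.append(ch)
    return "".join(out), depth

def logical_records(text):
    """Yield one string per record, joining '(' ... ')' continuation lines."""
    buf, depth = [], 0
    for raw in text.splitlines():
        line, delta = clean(raw)
        buf.append(line)
        depth += delta
        if depth <= 0:
            rec, buf, depth = " ".join(buf).rstrip(), [], 0
            if rec:
                yield rec

def record_type(rec):
    """Type mnemonic of a record; owner, TTL and class are optional fields."""
    tokens = rec.split()[0 if rec[0].isspace() else 1:]   # drop owner if present
    for tok in tokens:
        if tok.upper() not in CLASSES and not TTL_RE.fullmatch(tok.upper()):
            return tok.upper()
    return None

def count_soa(zone_text):
    """SOA records in a master-format zone file; a loadable zone has exactly one."""
    return sum(1 for rec in logical_records(zone_text)
               if not rec.startswith("$") and record_type(rec) == "SOA")

# Constructed sample: example.test and 192.0.2.1 are placeholders.
SOA = "@ 3600 IN SOA ns1.example.test. hostmaster.example.test. (\n" \
      "    1999111201 ; serial\n    10800 3600 604800 86400 )\n"
GOOD_ZONE = SOA + '    IN NS ns1.example.test.\nns1 IN A 192.0.2.1\n' \
            'txt IN TXT "v=1; not a comment"\n'
BAD_ZONE = GOOD_ZONE + SOA   # AXFR stream written verbatim: SOA first and last
```

Running `count_soa` over each slave file and flagging any result other than 1 identifies the files that named would reject on its next load.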