From owner-freebsd-security Fri Nov 12 7:57:25 1999 Delivered-To: freebsd-security@freebsd.org Received: from fasterix.frmug.org (s192.paris-90.cybercable.fr [212.198.90.192]) by hub.freebsd.org (Postfix) with ESMTP id 7840114E38; Fri, 12 Nov 1999 07:57:21 -0800 (PST) (envelope-from pb@fasterix.frmug.org) Received: (from pb@localhost) by fasterix.frmug.org (8.9.3/8.9.3/pb-19990315) id QAA18615; Fri, 12 Nov 1999 16:55:45 +0100 (CET) Message-ID: <19991112165545.A18571@fasterix.frmug.org> Date: Fri, 12 Nov 1999 16:55:45 +0100 From: Pierre Beyssac To: sthaug@nethelp.no, aj@entic.net Cc: ust@cert.siemens.de, mike@sentex.net, matt@BabCom.ORG, freebsd-security@FreeBSD.ORG, jseger@FreeBSD.ORG Subject: Re: patch for bind8 port (was: BIND NXT Bug Vulnerability) References: <45563.942403323@verdi.nethelp.no> Mime-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit X-Mailer: Mutt 0.92.8i In-Reply-To: <45563.942403323@verdi.nethelp.no>; from sthaug@nethelp.no on Fri, Nov 12, 1999 at 11:42:03AM +0100 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Fri, Nov 12, 1999 at 11:42:03AM +0100, sthaug@nethelp.no wrote: > - Zones will be *stored on disk* (by named-xfer) with two SOAs, because > this is the format on the wire. > > - Because they are stored on disk with two SOAs, they will be rejected > by named the next time it tries to read the zones (for instance when it > is restarted). Actually, the zone is not completely rejected: the secondaries fetch an up-to-date copy and serve it, but they disable the AA flag in the replies. It is much better than not serving the zone at all. It's currently happening to me on some secondaries for zone eu.org, but there's no harm done. -- Pierre Beyssac pb@fasterix.frmug.org pb@fasterix.freenix.org BSD : il y a moins bien, mais c'est coté en bourse Free domains: http://www.eu.org/ or mail dns-manager@EU.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message