Date: Wed, 8 Jul 2015 11:34:12 -0700 From: Mel Pilgrim <list_freebsd@bluerosetech.com> To: Mark Felder <feld@FreeBSD.org>, freebsd-security <freebsd-security@freebsd.org> Subject: Re: FreeBSD Security Advisory FreeBSD-SA-15:11.bind Message-ID: <559D6D24.6000709@bluerosetech.com> In-Reply-To: <1436377752.2351289.318560673.25707A63@webmail.messagingengine.com> References: <20150707232549.4D7A31B0D@freefall.freebsd.org> <1436372961.2331021.318495625.381B9FCC@webmail.messagingengine.com> <559D5D9C.2020709@obluda.cz> <1436377752.2351289.318560673.25707A63@webmail.messagingengine.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On 2015-07-08 10:49, Mark Felder wrote: > DNSSEC is not a requirement to run a DNS resolver. It is requirement if you're using DANE or other technologies where the trust model relies on authenticated DNS. I've always understood the term "workaround" to mean "mitigate the problem without a loss of feature/functionality". Because "turn off DNSSEC" doesn't universally meet that definition, it's not really a workaround. For example, a workaround for vulnerabilities in the base BIND that's already fixed in ports is to disable the in-base version and install the port.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?559D6D24.6000709>