Date: Wed, 06 Jan 2010 17:15:12 -0600 From: Stephen Montgomery-Smith <stephen@missouri.edu> To: freebsd-stable@freebsd.org Subject: Re: FreeBSD Security Advisory FreeBSD-SA-10:01.bind Message-ID: <4B451980.8010403@missouri.edu> In-Reply-To: <201001062254.o06Msphj089054@freefall.freebsd.org> References: <201001062254.o06Msphj089054@freefall.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
FreeBSD Security Advisories wrote: > I. Background > > BIND 9 is an implementation of the Domain Name System (DNS) protocols. > The named(8) daemon is an Internet Domain Name Server. > > DNS Security Extensions (DNSSEC) provides data integrity, origin > authentication and authenticated denial of existence to resolvers. > > II. Problem Description > > If a client requests DNSSEC records with the Checking Disabled (CD) flag > set, BIND may cache the unvalidated responses. These responses may later > be returned to another client that has not set the CD flag. How do I find out if my named server is using DNSSEC? I am using the vanilla defaults with named on FreeBSD.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4B451980.8010403>