From owner-freebsd-bugs Wed Aug 13 18:16:15 1997 Return-Path: Received: (from root@localhost) by hub.freebsd.org (8.8.5/8.8.5) id SAA12049 for bugs-outgoing; Wed, 13 Aug 1997 18:16:15 -0700 (PDT) Received: from mail.san.rr.com (san.rr.com [204.210.0.1]) by hub.freebsd.org (8.8.5/8.8.5) with ESMTP id SAA12043 for ; Wed, 13 Aug 1997 18:16:12 -0700 (PDT) Received: (from uucp@localhost) by mail.san.rr.com (8.7.6/8.7.3) id SAA08482; Wed, 13 Aug 1997 18:15:40 -0700 (PDT) Message-Id: <199708140115.SAA08482@mail.san.rr.com> Received: from dt5h1n61.san.rr.com(204.210.31.97) by mail via smap (V1.3) id tmp008399; Wed Aug 13 18:15:17 1997 From: "Studded" To: "FreeBSD-bugs@freebsd.org" , "zigg@iserv.net" Date: Wed, 13 Aug 97 18:14:53 -0700 Reply-To: "Studded" Priority: Normal X-Mailer: PMMail 1.92 For OS/2 MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Subject: Re: bin/4299: named is vulnerable to DNS spoofing Sender: owner-freebsd-bugs@freebsd.org X-Loop: FreeBSD.org Precedence: bulk On Wed, 13 Aug 1997 15:06:00 -0700 (PDT), zigg@iserv.net wrote: >>Number: 4299 >>Category: bin >>Synopsis: named is vulnerable to DNS spoofing My understanding is that BIND 4.9.6 has finally made its way into releng_2_2 (-stable). Praises and glory. :) At this time, 4.9.6 is a better solution overall because of the updated include and library files. Those who are running an actual name server (as opposed to a resolver only) should upgrade to 8.1.1 after a FreeBSD 2.2.2-stable install to get the better binaries and the flexibility of the new system. For those with pre-4.9.6 systems already installed, the CW that's being kicked around on bind-users@vix.com currently is that you may be better off upgrading to 4.9.6 first, then upgrading to 8.1.1 if needed for the reasons above. YMMV. Hope this helps, Doug Do thou amend they face, and I'll amend my life. -Shakespeare, "Henry V"