From owner-freebsd-bugs  Wed Aug 13 18:39:50 1997
Return-Path: <owner-freebsd-bugs>
Received: (from root@localhost)
          by hub.freebsd.org (8.8.5/8.8.5) id SAA13102
          for bugs-outgoing; Wed, 13 Aug 1997 18:39:50 -0700 (PDT)
Received: from megaweapon.zigg.net (matt@gr-max1-50.iserv.net [206.67.161.178])
          by hub.freebsd.org (8.8.5/8.8.5) with ESMTP id SAA13097
          for <FreeBSD-bugs@freebsd.org>; Wed, 13 Aug 1997 18:39:44 -0700 (PDT)
Received: from localhost (matt@localhost)
	by megaweapon.zigg.net (8.8.5/8.8.5) with SMTP id VAA14828;
	Wed, 13 Aug 1997 21:41:19 -0400 (EDT)
X-Authentication-Warning: megaweapon.zigg.net: matt owned process doing -bs
Date: Wed, 13 Aug 1997 21:41:13 -0400 (EDT)
From: Matt Behrens <zigg@iserv.net>
X-Sender: matt@megaweapon.zigg.net
To: Studded <Studded@dal.net>
cc: "FreeBSD-bugs@freebsd.org" <FreeBSD-bugs@freebsd.org>
Subject: Re: bin/4299: named is vulnerable to DNS spoofing
In-Reply-To: <199708140115.SAA08482@mail.san.rr.com>
Message-ID: <Pine.BSF.3.96.970813213503.14805C-100000@megaweapon.zigg.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-bugs@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

-----BEGIN PGP SIGNED MESSAGE-----

On Wed, 13 Aug 1997, Studded wrote:

> 	My understanding is that BIND 4.9.6 has finally made its way into
> releng_2_2 (-stable).  Praises and glory. :)  At this time, 4.9.6 is a
> better solution overall because of the updated include and library files. 
> Those who are running an actual name server (as opposed to a resolver
> only) should upgrade to 8.1.1 after a FreeBSD 2.2.2-stable install to get
> the better binaries and the flexibility of the new system.  

> 	For those with pre-4.9.6 systems already installed, the CW that's
> being kicked around on bind-users@vix.com currently is that you may be
> better off upgrading to 4.9.6 first, then upgrading to 8.1.1 if needed for
> the reasons above.  YMMV.

Right, I just saw this in the just-released CERT advisory today
(CA-97:22), and promptly started from square one. :)  Although I do still
STRONGLY recommend EVERYONE who is running a nameserver upgrade to 8.1.1
regardless.

- - Matt Behrens
  zigg@iserv.net

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBM/JiPLxD9LHdymrtAQG6DQP/aHN3hQtKjhLh+SbAAyqzSPjs3mVAvMAC
CvRAgGl9lvUaPoLVFLj14IjTAQivE15v0sSU8F1E0uvuBVIWDiauXe2IAymTxxqe
eRFoN2Ix9SsKH06SxWn9uWBu6s3fipH0jlM0UI68iuSXsX0BuRc/hulQQ+do+ao5
3XoAIWHF8vw=
=A+Dv
-----END PGP SIGNATURE-----