From owner-freebsd-security  Wed Jan 31 17: 2: 6 2001
Delivered-To: freebsd-security@freebsd.org
Received: from shemp.palomine.net (shemp.palomine.net [205.198.88.200])
	by hub.freebsd.org (Postfix) with SMTP id 7A5DD37B69D
	for <freebsd-security@freebsd.org>; Wed, 31 Jan 2001 17:01:45 -0800 (PST)
Received: (qmail 90301 invoked by uid 1000); 1 Feb 2001 01:01:42 -0000
Date: Wed, 31 Jan 2001 20:01:42 -0500
From: Chris Johnson <cjohnson@palomine.net>
To: Przemyslaw Frasunek <venglin@freebsd.lublin.pl>
Cc: freebsd-security@freebsd.org
Subject: Re: FreeBSD Security Advisory: FreeBSD-SA-01:18.bind
Message-ID: <20010131200142.A90211@palomine.net>
References: <200101312123.f0VLNL134920@freefall.freebsd.org> <Pine.LNX.4.30.0101312352150.3617-100000@jamus.xpert.com> <20010201014819.H675@riget.scene.pl>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5i
In-Reply-To: <20010201014819.H675@riget.scene.pl>; from venglin@freebsd.lublin.pl on Thu, Feb 01, 2001 at 01:48:19AM +0100
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Thu, Feb 01, 2001 at 01:48:19AM +0100, Przemyslaw Frasunek wrote:
> On Wed, Jan 31, 2001 at 11:55:18PM +0200, Roman Shterenzon wrote:
> > Why not make it default in the base system?
> 
> The best workaround is not using BIND at all. Consider some alternatives,
> like /usr/ports/net/djbdns.

Yes! Why work around BIND limitiations and do all this sandboxing to try to
limit the damage it can do to you, when there's a better alternative?

Chris


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message