Date: Wed, 14 Jan 2009 12:36:31 -0500 From: Carl Friend <Carl.Friend@mathworks.com> To: "freebsd-security@freebsd.org" <freebsd-security@freebsd.org> Subject: RE: FreeBSD Security Advisory FreeBSD-SA-09:04.bind Message-ID: <0528A1CB48AB5B4FA0D8FD7E0D94D81D5A75B7441B@EXCHANGE-AH.ad.mathworks.com> In-Reply-To: <200901132233.n0DMXv4a055314@freefall.freebsd.org> References: <200901132233.n0DMXv4a055314@freefall.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi Leonid, I got the message, so it looks like at least something is working. From the advisory: > NOTE WELL: If named(8) is not explicitly set to use DNSSEC the setup > is not vulnerable to the issue as described in this Security Advisory. We are not using DNSSEC on either the internal or external BIND instances. We *are* using authentication keys for some of the internal infrastructure (for dynamic updates) but not for the external, and this facility uses shared-secrets anyway rather than PKI. I think we're OK unless we're going to light up DNSSEC in the near future. +-----------------------------------------+----------------------------+ | Carl Richard Friend (UNIX Sysadmin) | Natick, Massachusetts, USA | | Minicomputer Collector / Enthusiast | 01760-2098 | | mailto:carl_friend@mathworks.com +----------------------------+ | http://users.rcn.com/crfriend/museum | ICBM: +42:18:00 -71:21:03 | +-----------------------------------------+----------------------------+
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?0528A1CB48AB5B4FA0D8FD7E0D94D81D5A75B7441B>