From: Eugene Grosbein
To: Per olof Ljungmark, The Doctor
Cc: freebsd-ports@freebsd.org
Subject: Re: Bind 9.16 port error still lingers
Date: Sun, 3 May 2020 04:18:49 +0700

03.05.2020 1:13, Per olof Ljungmark wrote:

> On 2020-05-02 19:29, The Doctor via freebsd-ports wrote:
>> On Sat, May 02, 2020 at 06:53:18PM +0200, Christoph Moench-Tegeder wrote:
>>> ## The Doctor via freebsd-ports (freebsd-ports@freebsd.org):
> [snip]
>
>> //Use with the following in named.conf, adjusting the allow list as needed:
>> key "rndc-key" {
>>     algorithm hmac-md5;
>>     secret "7ZbGK94NdSa2WACxx72W1w==";
>
> I suggest you change this ^^^^^ rather quickly, especially if it is a public name server.

This is a key for local (over 127.0.0.1) connections for rndc; it can be abused by local users only, or if there is a remotely exploitable vulnerability for running shell code. Still, it should not be published so easily, but there is no direct harm when the system has no untrusted local users.
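
The distinction drawn in this reply (a published rndc key is usable by local users when the control channel is bound to 127.0.0.1, and from the network only when the channel is reachable there) can be checked against a named.conf. The Python below is an added example, not part of the original message or of BIND; the sample configuration, the placeholder secret and the names `audit`, `is_loopback` and `PUBLISHED` are constructed for illustration, and the regexes assume the simple `inet ... allow { } keys { }` form.

```python
import ipaddress
import re

# Constructed named.conf text for the demo; the secret is a placeholder, not a real key.
SAMPLE_CONF = '''
key "rndc-key" {
    algorithm hmac-md5;
    secret "CONSTRUCTED+PLACEHOLDER+SECRET==";
};
controls {
    inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { "rndc-key"; };
};
'''
PUBLISHED = {"CONSTRUCTED+PLACEHOLDER+SECRET=="}  # secrets known to have been posted publicly

KEY_RE = re.compile(r'\bkey\s+"([^"]+)"\s*\{[^}]*?secret\s+"([^"]*)"', re.S)
INET_RE = re.compile(
    r'\binet\s+(\S+)(?:\s+port\s+\S+)?\s+allow\s*\{([^}]*)\}\s*keys\s*\{([^}]*)\}', re.S)

def is_loopback(token):
    """True only for an IP or CIDR that lies entirely in loopback space."""
    try:
        return ipaddress.ip_network(token, strict=False).is_loopback
    except ValueError:
        return False  # "*", "any", "localhost" and other ACL names: not provably loopback

def audit(conf, published):
    """Map each rndc key name used by a controls channel to an exposure verdict."""
    secrets = dict(KEY_RE.findall(conf))  # key name -> secret
    verdicts = {}
    for listen, allow, keylist in INET_RE.findall(conf):
        sources = [t.strip() for t in allow.split(";") if t.strip()]
        # Remote use needs both a non-loopback listener and a non-loopback allowed source.
        remote = not is_loopback(listen) and any(not is_loopback(s) for s in sources)
        for name in re.findall(r'"([^"]+)"', keylist):
            leaked = secrets.get(name) in published
            if leaked and remote:
                verdicts[name] = "published key, channel reachable from the network"
            elif leaked:
                verdicts[name] = "published key, loopback only: usable by local users"
            elif remote:
                verdicts[name] = "channel reachable from the network"
            else:
                verdicts[name] = "ok"
    return verdicts

if __name__ == "__main__":
    for key_name, verdict in audit(SAMPLE_CONF, PUBLISHED).items():
        print(f"{key_name}: {verdict}")
```

Either "published key" verdict means the secret should be regenerated; the loopback-only case limits who can use it in the meantime.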