Date: Thu, 27 Jun 2002 13:35:47 +1000 From: Mark.Andrews@isc.org To: "Jacques A. Vidrine" <nectar@FreeBSD.ORG> Cc: security@FreeBSD.ORG Subject: Re: BIND and reconstruction of DNS messages (was Re: FreeBSD Security Advisory FreeBSD-SA-02:28.resolv) Message-ID: <200206270335.g5R3Zlm0040680@drugs.dv.isc.org> In-Reply-To: Your message of "Wed, 26 Jun 2002 22:16:14 EST." <20020627031614.GE46205@madman.nectar.cc>
next in thread | previous in thread | raw e-mail | index | archive | help
> On Thu, Jun 27, 2002 at 10:12:08AM +1000, Mark.Andrews@isc.org wrote: > > Provided you are behind a nameserver you trust that reconstructs > > the answer you should be fine. > > Thanks for this info, Mark. > > I guess that name server better be running on localhost, or else an > agent may be able to spoof DNS messages. > > > BIND 9 reconstucts all answers (excluding forwarded UPDATES). > > cool > > > BIND 8 forwards some and reconstructs others. > > at random? :-) No. See ns_resp.c for details. > Cheers, > -- > Jacques A. Vidrine <n@nectar.cc> http://www.nectar.cc/ > NTT/Verio SME . FreeBSD UNIX . Heimdal Kerberos > jvidrine@verio.net . nectar@FreeBSD.org . nectar@kth.se -- Mark Andrews, Internet Software Consortium 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: Mark.Andrews@isc.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200206270335.g5R3Zlm0040680>