Date: Thu, 07 Jan 2010 15:31:17 -0800
From: "Kevin Oberman" <oberman@es.net>
To: Doug Barton <dougb@FreeBSD.org>
Cc: Thomas Rasmussen <thomas@gibfest.dk>, freebsd-stable@freebsd.org
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-10:01.bind
Message-ID: <20100107233117.C73E91CC0B@ptavv.es.net>
In-Reply-To: Your message of "Thu, 07 Jan 2010 15:16:43 PST." <4B466B5B.6060009@FreeBSD.org>

> Date: Thu, 07 Jan 2010 15:16:43 -0800
> From: Doug Barton <dougb@FreeBSD.org>
> Sender: owner-freebsd-stable@freebsd.org
>
> Thomas Rasmussen wrote:
> > Hello,
> >
> > While this is all true, this vulnerability is for caching servers,
> > not authoritative ones. It is pretty easy to set up DLV validation on a
> > recursive bind server. However, it is not enabled by default on FreeBSD,
> > so Stephen should be safe.
>
> FWIW, I agree with Thomas.

As do I. Guess I've been putting so much effort into getting my zones
signed that DNSSEC took me in the wrong direction. No, a default config
won't make you vulnerable, but making yourself vulnerable is not hard at
all, especially if you use the DLV.

--
R. Kevin Oberman, Network Engineer
Energy Sciences Network (ESnet)
Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab)
E-mail: oberman@es.net Phone: +1 510 486-8634
Key fingerprint: 059B 2DDF 031C 9BA3 14A4 EADA 927D EBB3 987B 3751