Date: Sat, 07 Dec 2013 09:33:00 +1100 From: Mark Andrews <marka@isc.org> To: Mark Felder <feld@FreeBSD.org> Cc: freebsd-stable@freebsd.org Subject: Re: BIND chroot environment in 10-RELEASE...gone? Message-ID: <20131206223300.89253B55861@rock.dv.isc.org> In-Reply-To: Your message of "Fri, 06 Dec 2013 16:09:08 -0600." <1386367748.17212.56515229.7C50AFEB@webmail.messagingengine.com> References: <529D9CC5.8060709@rancid.berkeley.edu> <20131204095855.GY29825@droso.dk> <alpine.BSF.2.00.1312041212000.2022@badger.tharned.org> <E915D8A5-1CD0-465B-BAD1-59C45C9415F4@gid.co.uk> <20131205193815.05de3829de9e33197fe210ac@getmail.no> <20131206143944.4873391d@suse3> <20131206220016.BADCAB556F4@rock.dv.isc.org> <1386367748.17212.56515229.7C50AFEB@webmail.messagingengine.com>
next in thread | previous in thread | raw e-mail | index | archive | help
In message <1386367748.17212.56515229.7C50AFEB@webmail.messagingengine.com>, Ma rk Felder writes: > On Fri, Dec 6, 2013, at 16:00, Mark Andrews wrote: > > > > But they should all be running a resursive validating resolver on > > every box. > > > > Are you *really* suggesting that I should run a recursive validating > server on every single server I admin? I'm suggesting that it should be run on *every* machine in the world, until all the applications that use data from the DNS have been upgraded to validate the data they get from the DNS, need to be be running a validating resolver. MiTM attacks happen all the time in the DNS. For mobile devices I would say "Don't leave home without one" to use a well know slogan. Mark > _______________________________________________ > freebsd-stable@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-stable > To unsubscribe, send any mail to "freebsd-stable-unsubscribe@freebsd.org" -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: marka@isc.org
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20131206223300.89253B55861>