Skip site navigation (1)Skip section navigation (2) 
Date:      Fri, 15 Aug 2008 23:50:40 +0100
From:      Matthew Seaman <m.seaman@infracaninophile.co.uk>
To:        Tim Daneliuk <tundra@tundraware.com>
Cc:        FreeBSD Mailing List <freebsd-questions@freebsd.org>
Subject:   Re: Updated 'bind' And FreeBSD 6.3
Message-ID:  <48A60840.4070502@infracaninophile.co.uk>
In-Reply-To: <48A5FB1B.4040001@tundraware.com>
References:  <48A5FB1B.4040001@tundraware.com>
next in thread | previous in thread | raw e-mail | index | archive | help 
This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enigB25B7F4CBDBB1D1331FE6601
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: quoted-printable

Tim Daneliuk wrote:
> Is there an expected date when the latest version of bind9 (that fixes
> the recently discussed DNS vulnerability) will be merged into the=20
> 6.3-STABLE tree.  I patch and update fairly regularly and
> bind -v gives me: BIND 9.3.5-P1   I believe the patched version
> is something like 9.5.0-P?...
>=20
> TIA,

Patches against the Kaminsky attack were released for all of the
supported BIND branches.  9.3.5-P1 is a patched version.  You can verify
that your bind is patched by using the dns oarc tester:

   https://www.dns-oarc.net/oarc/services/dnsentropy

or manually by:

   dig +short porttest.dns-oarc.net TXT

If it reports 'poor' you still need to fix your server.  Beware of NAT
gateways which can reduce the randomness with which source ports are
used in passing.

	Cheers,

	Matthew=20

--=20
Dr Matthew J Seaman MA, D.Phil.                   7 Priory Courtyard
                                                  Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey     Ramsgate
                                                  Kent, CT11 9PW


--------------enigB25B7F4CBDBB1D1331FE6601
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.9 (FreeBSD)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEAREIAAYFAkimCEYACgkQ8Mjk52CukIxjdwCgiOIoKVyBlifDKkYSxx8TjOUT
yUwAnA9TmyTEOomXE8Fn5xxUthaLT0U+
=YAEi
-----END PGP SIGNATURE-----

--------------enigB25B7F4CBDBB1D1331FE6601--

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?48A60840.4070502>