Updated 'bind' And FreeBSD 6.3
Tim Daneliuk
tundra at tundraware.com
Sat Aug 16 00:58:27 UTC 2008
Matthew Seaman wrote:
> Tim Daneliuk wrote:
>> Is there an expected date when the latest version of bind9 (that fixes
>> the recently discussed DNS vulnerability) will be merged into the
>> 6.3-STABLE tree? I patch and update fairly regularly and
>> bind -v gives me: BIND 9.3.5-P1. I believe the patched version
>> is something like 9.5.0-P?...
>>
>> TIA,
>
> Patches against the Kaminsky attack were released for all of the
> supported BIND branches. 9.3.5-P1 is a patched version. You can verify
> that your bind is patched by using the DNS-OARC tester:
>
> https://www.dns-oarc.net/oarc/services/dnsentropy
>
> or manually by:
>
> dig +short porttest.dns-oarc.net TXT
>
> If it reports 'poor' you still need to fix your server. Beware of NAT
> gateways which can reduce the randomness with which source ports are
> used in passing.
>
> Cheers,
>
> Matthew
Thanks all - I do indeed have the patches and can now no longer spend nights
worried about these ;)
--
----------------------------------------------------------------------------
Tim Daneliuk tundra at tundraware.com
PGP Key: http://www.tundraware.com/PGP/
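
An offline counterpart to the check described in the quoted reply, added here as an example; it is not part of the original thread and not DNS-OARC's own code. It rates the source ports of a resolver's outgoing queries as seen beyond any NAT gateway, which is the case Matthew warns about. The function name, both thresholds and the sample port lists are assumptions constructed for illustration.

```python
import random
import statistics

# Assumed cut-offs for this example; they are not taken from the thread.
POOR_STDDEV = 300        # spread below this is treated as predictable
SEQUENTIAL_SHARE = 0.8   # share of +1 steps that marks sequential allocation


def rate_source_ports(ports):
    """Rate UDP source ports of outgoing DNS queries, in the order seen.

    Capture the ports on the far side of any NAT gateway: a gateway that
    rewrites source ports can undo the randomisation done by the resolver.
    """
    if len(ports) < 2:
        raise ValueError("need at least two queries to judge randomness")
    distinct = len(set(ports))
    stddev = statistics.pstdev(ports)
    # Step between consecutive queries, wrapping at the 16-bit port space.
    steps = [(b - a) % 65536 for a, b in zip(ports, ports[1:])]
    sequential = sum(1 for s in steps if s == 1) / len(steps)
    if stddev < POOR_STDDEV or sequential >= SEQUENTIAL_SHARE:
        verdict = "poor"   # a fixed port, a narrow range, or a counter
    else:
        verdict = "ok"
    return {
        "verdict": verdict,
        "distinct": distinct,
        "stddev": round(stddev),
        "sequential": round(sequential, 2),
    }


# Constructed sample data (not captured from any real server).
FIXED = [32768] * 26                                   # one port for every query
RANDOMIZED = random.Random(1).sample(range(1024, 65536), 26)
NATTED = [40000 + i for i in range(26)]                # gateway hands out ports in order

if __name__ == "__main__":
    for name, ports in (("fixed", FIXED), ("randomized", RANDOMIZED), ("natted", NATTED)):
        print(name, rate_source_ports(ports))
```

The "natted" list uses 26 distinct ports yet still rates poor, which is why a distinct-port count alone is not enough when a gateway sits in the path.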