BIND update?
Jason Stone
jason at shalott.net
Wed Jul 9 18:49:26 UTC 2008
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
I don't agree with the criticism of the security team; it takes a lot of
time to test things and make sure that changes and patches work within the
larger context of a complete system. And what I like about FreeBSD is
that it's a complete system, not just a collection of disjoint parts like
some other popular unix-like systems out there....
However, I also don't agree with this:
> its really not a CRITICAL patch .. its more of a when you get around to
> it seriously.
CERT and others have been saying for years that protecting DNS
infrastructure is a critical component in protecting the security of the
entire internet, and I strongly agree. DNS spoofing and cache poisoning
are an big part of how Windows boxes get rooted, and a more robust DNS
infrastructure might go a long way in slowing the spread of the zombie
armies. Many folks in the hosting world use BIND on FreeBSD to provide
DNS resolvers for their clients, and this is _not_ a trivial issue for
them.
-Jason
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (FreeBSD)
Comment: See https://private.idealab.com/public/jason/jason.gpg
iD8DBQFIdQOFswXMWWtptckRAlgBAJ9fyqJomRiszRJuub6blvV+uXv4RgCg8Q3E
wVqCrYVcKV7PjTHSyGuCyGY=
=ZU6f
-----END PGP SIGNATURE-----
More information about the freebsd-security
mailing list