BIND update?
Mark Andrews
Mark_Andrews at isc.org
Wed Jul 9 23:45:24 UTC 2008
Well as a developer of BIND I will tell you that my development
platform is FreeBSD.
FreeBSD drugs.dv.isc.org 6.3-STABLE FreeBSD 6.3-STABLE #19: Fri Apr 25 13:07:00 EST 2008 marka at drugs.dv.isc.org:/usr/obj/usr/src/sys/DRUGS i386
If Doug hasn't already updated the ports to use the -P1 I
would expect him to do so shortly. Or you could all do it
yourselves. It really is not that hard. Just check the
PGP signatures on the tarball when you make the new checksums
for the port.
As for updating the base. There is still time to do this
without panicing. Dan's method has not been released.
Remember the only real solution to cache poisoning is to
deploy DNSSEC. You can go out and do your part of that
today. If you really cared about DNS security you would
have done it already. It isn't that hard. Just use the
defaults.
http://www.isc.org/sw/bind/docs/DNSSEC_in_6_minutes.pdf
Talk to your member(s) of parliment about getting the root
signed and your cctld signed (only 4 have been signed last
time I checked). If .SE and .BR can do it then your cctld
can do it. ORG is in the process of getting DNSSEC added.
Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews at isc.org
More information about the freebsd-security
mailing list