FreeBSD 7.1 and BIND exploit

Ruben van Staveren ruben at verweg.com
Wed Jul 23 13:39:16 UTC 2008


On 22 Jul 2008, at 23:49, Kevin Oberman wrote:

>> Someone needs to write a really good tutorial on dnssec.  The bits  
>> and
>> pieces are scattered about the web, but explanations of now to  
>> publish
>> your keys, to whom they need to be published and what is involved in
>> the ongoing maintenance are lacking.  Especially a clear explanation
>> of what is required to run both keyed and "legacy" dns at the same
>> time.

Another piece of text can be found at

http://www.nlnetlabs.nl/dnssec_howto/

> I can't imagine why anyone would want to run both. Resolvers which  
> don't
> know how to check signatures simple don't do so and everything still
> works.
>
> A pretty good, though somewhat outdated tutorial can be found in NIST
> SP800-81. It's pretty readable and tells you how to generate keys and
> sign a zone properly.
> http://csrc.nist.gov/publications/nistpubs/800-81/SP800-81.pdf

Regards,
	Ruben
-------------- next part --------------
A non-text attachment was scrubbed...
Name: PGP.sig
Type: application/pgp-signature
Size: 186 bytes
Desc: This is a digitally signed message part
Url : http://lists.freebsd.org/pipermail/freebsd-stable/attachments/20080723/68ed5caf/PGP.pgp


More information about the freebsd-stable mailing list