BIND 9 question

Doug Barton dougb at FreeBSD.org
Thu Nov 17 21:20:35 UTC 2011



On 11/17/2011 08:31, Albert Thiel wrote:
> I have been hearing that since last night DNS 0-day exploitation is
>  taking place all over the net.

I dislike the term "0-day" because it means different things to
different people. What is true is that a large number of BIND recursive
name servers have been crashing with the same error messages, which
seems to be the result of an active and heretofore unknown exploit.

https://www.isc.org/software/bind/advisories/cve-2011-4313

> ISC mentions recursion.  Is this vulnerability only on DNS that 
> allows recursive queries? (if so mine is safe thankfully).

At this time it appears true that authoritative-only servers are not
vulnerable.

> Is there a patch to the BSD flavor of BIND expected to address
> this?

The ports, 10-current, stable/8 and stable/7 were all updated yesterday
shortly after ISC publicly released the code.


hth,

Doug

-- 

		"We could put the whole Internet into a book."
		"Too practical."

	Breadth of IT experience, and depth of knowledge in the DNS.
	Yours for the right price.  :)  http://SupersetSolutions.com/



More information about the freebsd-ports mailing list