DNS Flag Day

John Levine johnl at iecc.com
Mon Jan 21 17:01:08 UTC 2019


In article <157de54f-bf15-06ba-d47f-923dce0a716c at netfence.it> you write:
>On 1/21/19 12:40 AM, Jon Radel wrote:
>
>> Not enough details are provided by you in the above to have a clear
>> answer.  Are you using the FreeBSD 11.2 server as an authoritative
>> server for one or more DNS zones?
>
>Sorry to step in.
>What about authoritative servers for private zones?
>
>I.e. Are those who are serving local.xxxxx.xx to their LAN affected?

Tes.  DNS cache software will start rejecting bad EDNS, so unless you plan
to never ever update any DNS software on your LAN, you should make it work.

>> If you're running a reasonably recent version of NSD or BIND, like the ones in
>> the packages, you should be fine.
>
>I've read an article that reports BIND 9.13.3 and 9.14.0 are ok, but we 
>start from dns/bind911.
>Is that fine?

I don't know, but why don't you upgrade to a more recent BIND?  It's not hard.



More information about the freebsd-questions mailing list