BIND update?
    Jason Stone 
    jason at shalott.net
       
    Wed Jul  9 18:49:26 UTC 2008
    
    
  
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
I don't agree with the criticism of the security team; it takes a lot of 
time to test things and make sure that changes and patches work within the 
larger context of a complete system.  And what I like about FreeBSD is 
that it's a complete system, not just a collection of disjoint parts like 
some other popular unix-like systems out there....
However, I also don't agree with this:
> its really not a CRITICAL patch .. its more of a when you get around to 
> it seriously.
CERT and others have been saying for years that protecting DNS 
infrastructure is a critical component in protecting the security of the 
entire internet, and I strongly agree.  DNS spoofing and cache poisoning 
are an big part of how Windows boxes get rooted, and a more robust DNS 
infrastructure might go a long way in slowing the spread of the zombie 
armies.  Many folks in the hosting world use BIND on FreeBSD to provide 
DNS resolvers for their clients, and this is _not_ a trivial issue for 
them.
  -Jason
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (FreeBSD)
Comment: See https://private.idealab.com/public/jason/jason.gpg
iD8DBQFIdQOFswXMWWtptckRAlgBAJ9fyqJomRiszRJuub6blvV+uXv4RgCg8Q3E
wVqCrYVcKV7PjTHSyGuCyGY=
=ZU6f
-----END PGP SIGNATURE-----
    
    
More information about the freebsd-security
mailing list