FreeBSD Security Advisory FreeBSD-SA-10:01.bind
Stephen Montgomery-Smith
stephen at missouri.edu
Wed Jan 6 23:15:18 UTC 2010
FreeBSD Security Advisories wrote:
> I. Background
>
> BIND 9 is an implementation of the Domain Name System (DNS) protocols.
> The named(8) daemon is an Internet Domain Name Server.
>
> DNS Security Extensions (DNSSEC) provides data integrity, origin
> authentication and authenticated denial of existence to resolvers.
>
> II. Problem Description
>
> If a client requests DNSSEC records with the Checking Disabled (CD) flag
> set, BIND may cache the unvalidated responses. These responses may later
> be returned to another client that has not set the CD flag.
How do I find out if my named server is using DNSSEC? I am using the
vanilla defaults with named on FreeBSD.
More information about the freebsd-stable
mailing list