FreeBSD Security Advisory FreeBSD-SA-10:01.bind
Kevin Oberman
oberman at es.net
Thu Jan 7 23:31:31 UTC 2010
> Date: Thu, 07 Jan 2010 15:16:43 -0800
> From: Doug Barton <dougb at FreeBSD.org>
> Sender: owner-freebsd-stable at freebsd.org
>
> Thomas Rasmussen wrote:
> > Hello,
> >
> > While this is all true, this vulnerability is for caching servers,
> > not authorative ones. It is pretty easy to setup DLV validation on a
> > recursive bind server. However, it is not enabled by default on FreeBSD,
> > so Stephen should be safe.
>
> FWIW, I agree with Thomas.
As do I. Guess I've been putting so much effort into getting my zones
signed that DNSSEC took me in the wrong direction.
No, a default config won't make you vulnerable, but making yourself
vulnerable is not heard at all, especially if you use the DLV.
--
R. Kevin Oberman, Network Engineer
Energy Sciences Network (ESnet)
Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab)
E-mail: oberman at es.net Phone: +1 510 486-8634
Key fingerprint:059B 2DDF 031C 9BA3 14A4 EADA 927D EBB3 987B 3751
More information about the freebsd-stable
mailing list