Date: Tue, 16 Jul 2002 11:47:55 -0700 (PDT) From: Julian Elischer <julian@elischer.org> To: Patrick Thomas <root@utility.clubscholarship.com> Cc: freebsd-hackers@freebsd.org Subject: Re: resolver workaround conceptually possible ? Message-ID: <Pine.BSF.4.21.0207161144430.73768-100000@InterJet.elischer.org> In-Reply-To: <20020716113916.U79469-100000@utility.clubscholarship.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, 16 Jul 2002, Patrick Thomas wrote: > > Understood. That's not very painful at all - I assume any new version of > bind9 will work then. the newest definitly will > > Is there a reason this workaround couldn't be added to the > freebsd-security advisory ? Currently it states there is no workaround, > and this is a very nice one... If the security people felt like it, it would probably be an idea to mention it.. Also, having your own caching forwarding server is usually a good idea on any site with mor ethan a few machines anyway. > > Also, you meant resolv.conf, right ? (not resolver.conf ?) yes of course.. :-) Of course you just need one forwarding server per site not per machine.. (and block outgoing dns requests from all other machines using the firewall) > > --pt > > On Tue, 16 Jul 2002, Julian Elischer wrote: > > > a real workaround means: > > > > setting resolver.conf to point to 127.0.0.1 > > running a local copy of bind-9 as a forwarding server. > > bind-9 rebuilds requests and answers it forwards.. > > bind-8 just passes them through. > > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.0207161144430.73768-100000>