From owner-freebsd-security Sun Nov 14 18:27:41 1999 Delivered-To: freebsd-security@freebsd.org Received: from khavrinen.lcs.mit.edu (khavrinen.lcs.mit.edu [18.24.4.193]) by hub.freebsd.org (Postfix) with ESMTP id EDDAD14A21 for ; Sun, 14 Nov 1999 18:27:38 -0800 (PST) (envelope-from wollman@khavrinen.lcs.mit.edu) Received: (from wollman@localhost) by khavrinen.lcs.mit.edu (8.9.3/8.9.3) id VAA03816; Sun, 14 Nov 1999 21:27:35 -0500 (EST) (envelope-from wollman) Date: Sun, 14 Nov 1999 21:27:35 -0500 (EST) From: Garrett Wollman Message-Id: <199911150227.VAA03816@khavrinen.lcs.mit.edu> To: Pierre Beyssac Cc: freebsd-security@FreeBSD.ORG Subject: Re: patch for bind8 port (was: BIND NXT Bug Vulnerability) In-Reply-To: <19991112165545.A18571@fasterix.frmug.org> References: <45563.942403323@verdi.nethelp.no> <19991112165545.A18571@fasterix.frmug.org> Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org < said: > Actually, the zone is not completely rejected: the secondaries > fetch an up-to-date copy and serve it, but they disable the AA flag > in the replies. It is much better than not serving the zone at all. Well, not really, since this means many people can't send mail to addresses covered by that zone. (Think sendmail.cf `O ResolverOptions=+AAONLY', or MMDF which doesn't even give you an option. This bites me periodically when our primary goes lame for some reason -- it's also our main mail relay, and it runs MMDF.) -GAWollman -- Garrett A. Wollman | O Siem / We are all family / O Siem / We're all the same wollman@lcs.mit.edu | O Siem / The fires of freedom Opinions not those of| Dance in the burning flame MIT, LCS, CRS, or NSA| - Susan Aglukark and Chad Irschick To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message