From owner-freebsd-security Wed Jun 26 18:21:58 2002 Delivered-To: freebsd-security@freebsd.org Received: from drugs.dv.isc.org (drugs.dv.isc.org [130.155.191.236]) by hub.freebsd.org (Postfix) with ESMTP id B73F037DC2A for ; Wed, 26 Jun 2002 18:19:56 -0700 (PDT) Received: from drugs.dv.isc.org (localhost.dv.isc.org [127.0.0.1]) by drugs.dv.isc.org (8.12.3/8.12.3) with ESMTP id g5R1Iom0030235; Thu, 27 Jun 2002 11:18:50 +1000 (EST) (envelope-from marka@drugs.dv.isc.org) Message-Id: <200206270118.g5R1Iom0030235@drugs.dv.isc.org> To: Brett Glass Cc: security@FreeBSD.ORG From: Mark.Andrews@isc.org Subject: Re: FreeBSD Security Advisory FreeBSD-SA-02:28.resolv In-reply-to: Your message of "Wed, 26 Jun 2002 18:55:37 CST." <4.3.2.7.2.20020626185228.00e8ad60@localhost> Date: Thu, 27 Jun 2002 11:18:50 +1000 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org > At 06:12 PM 6/26/2002, Mark.Andrews@isc.org wrote: > > > Provided you are behind a nameserver you trust that reconstructs > > the answer you should be fine. > > > > BIND 9 reconstucts all answers (excluding forwarded UPDATES). > > BIND 8 forwards some and reconstructs others. > > Could an exploit be set up as a forwarded UPDATE? No. > (Forgive me if > this is a naive question; I know that I need to become more familiar > with DDNS.) If not, then installing BIND 9 and/or forcing clients > to consult a BIND 9 server may be an acceptable workaround. > > --Brett > -- Mark Andrews, Internet Software Consortium 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: Mark.Andrews@isc.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message