Date: Fri, 12 Nov 1999 11:42:03 +0100 From: sthaug@nethelp.no To: aj@entic.net Cc: ust@cert.siemens.de, mike@sentex.net, matt@BabCom.ORG, freebsd-security@FreeBSD.ORG, jseger@FreeBSD.ORG Subject: Re: patch for bind8 port (was: BIND NXT Bug Vulnerability) Message-ID: <45563.942403323@verdi.nethelp.no> In-Reply-To: Your message of "Thu, 11 Nov 1999 07:57:00 -0800 (PST)" References: <Pine.BSF.4.10.9911110751530.25016-100000@shell.entic.net>
next in thread | previous in thread | raw e-mail | index | archive | help
> |Here is a patch for the port. > > There was also a patch4, with a minor fix to the xfer code: > > ftp.isc.org/isc/bind/src/8.2.2-P3/patch4 This fix is definitely not minor in the sense of "little importance". Without this fix: - Zones will be *stored on disk* (by named-xfer) with two SOAs, because this is the format on the wire. - Because they are stored on disk with two SOAs, they will be rejected by named the next time it tries to read the zones (for instance when it is restarted). (Yes, we had this happen to us on a name server which is slave for around 12.000 zones. Not a pleasant experience.) Steinar Haug, Nethelp consulting, sthaug@nethelp.no To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?45563.942403323>