Date:      Fri, 11 Jul 2008 16:38:50 -0400
From:      Alan Clegg <alan@clegg.com>
Cc:        "freebsd-security@freebsd.org" <freebsd-security@freebsd.org>
Subject:   Re: [Fwd: cvs commit: ports/dns/bind9 Makefile distinfo ports/dns/bind94 Makefile distinfo ports/dns/bind95 Makefile distinfo]
Message-ID:  <4877C4DA.9070404@clegg.com>
In-Reply-To: <48778A1B.4060504@infracaninophile.co.uk>
References:  <C49A67C5.1A0CBA%astorms@ncircle.com>	<20080709204114.471A2F1835D@mx.npubs.com>	<4876A3FE.1070407@FreeBSD.org>	<200807111454.IAA18639@lariat.net>	<20080711151228.GA52385@eos.sc1.parodius.com> <487782C5.7050703@clegg.com> <48778A1B.4060504@infracaninophile.co.uk>


Matthew Seaman wrote:

> Probably what Brett is looking for are the avoid-v4-udp-ports and
> avoid-v6-udp-ports options -- these just contain lists of UDP ports
> to avoid as the source of any DNS traffic.  Details are available here
> (for bind95) http://www.isc.org/sw/bind/arm95/Bv9ARM.ch06.html#options
> but it's the same for all 9.x versions of BIND.

This is fine as long as you are not defining large numbers of "don't
touch" ports.

The added functionality of 9.5.1b1:

  use-v4-udp-ports { range 1024 65535; };
  use-v6-udp-ports { range 1024 65535; };

is what I was pointing people towards.

AlanC
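The following Python script is an added example, not part of the message above or of BIND. It parses the use-*-udp-ports and avoid-*-udp-ports statements discussed in the thread and reports how many UDP source ports remain for each address family. The function names, the 16384-port threshold and the sample configuration are assumptions made for illustration.

```python
import re

# Matches "use-v4-udp-ports { range 1024 65535; };" and the avoid-*/v6 forms.
OPTION_RE = re.compile(r"\b(use|avoid)-(v4|v6)-udp-ports\s*\{([^}]*)\}\s*;")

def parse_port_list(body):
    """Expand a port list body such as "53; range 6000 6063;" into a set."""
    ports = set()
    for item in filter(None, (part.strip() for part in body.split(";"))):
        words = item.split()
        if words[0] == "range" and len(words) == 3:
            low, high = int(words[1]), int(words[2])
        elif len(words) == 1:
            low = high = int(words[0])
        else:
            raise ValueError(f"unrecognised port list element: {item!r}")
        if not 0 <= low <= high <= 65535:
            raise ValueError(f"bad port range: {item!r}")
        ports.update(range(low, high + 1))
    return ports

def source_port_pools(conf_text):
    """Return {"v4": set, "v6": set}: use-* ports minus avoid-* ports.
    A missing use-* statement gives an empty set; BIND's default is not modelled."""
    text = re.sub(r"//[^\n]*|#[^\n]*|/\*.*?\*/", "", conf_text, flags=re.S)
    found = {}
    for kind, family, body in OPTION_RE.findall(text):
        found.setdefault((kind, family), set()).update(parse_port_list(body))
    return {fam: found.get(("use", fam), set()) - found.get(("avoid", fam), set())
            for fam in ("v4", "v6")}

def audit(conf_text, min_ports=16384):
    """List (family, pool size) pairs below min_ports (an assumed threshold)."""
    pools = source_port_pools(conf_text)
    return [(fam, len(p)) for fam, p in pools.items() if len(p) < min_ports]

# Constructed sample: the use-v4 line is the one quoted in the message; the
# avoid list and the narrow v6 range are made up for illustration.
SAMPLE = """
options {
    use-v4-udp-ports { range 1024 65535; };
    avoid-v4-udp-ports { 2049; range 6000 6063; };   // ports other services need
    use-v6-udp-ports { range 50000 50999; };
};
"""

if __name__ == "__main__":
    for family, size in audit(SAMPLE):
        print(f"{family}: only {size} usable source ports")
```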


