Date: Sun, 3 May 2020 04:18:49 +0700
From: Eugene Grosbein <eugen@grosbein.net>
To: Per olof Ljungmark <peo@nethead.se>, The Doctor <doctor@doctor.nl2k.ab.ca>
Cc: freebsd-ports@freebsd.org
Subject: Re: Bind 9.16 port error still lingers
Message-ID: <e82ea952-6226-07aa-471b-63ff51aa4e6c@grosbein.net>
In-Reply-To: <83462c13-c953-34e8-fc7c-ab180ea9804f@nethead.se>
References: <20200502140501.GA16385@doctor.nl2k.ab.ca> <20200502143210.GA4453@elch.exwg.net> <20200502151636.GA22397@doctor.nl2k.ab.ca> <20200502165318.GB4453@elch.exwg.net> <20200502172907.GA59662@doctor.nl2k.ab.ca> <83462c13-c953-34e8-fc7c-ab180ea9804f@nethead.se>

03.05.2020 1:13, Per olof Ljungmark wrote:

> On 2020-05-02 19:29, The Doctor via freebsd-ports wrote:
>> On Sat, May 02, 2020 at 06:53:18PM +0200, Christoph Moench-Tegeder wrote:
>>> ## The Doctor via freebsd-ports (freebsd-ports@freebsd.org):
> [snip]
>
>> //Use with the following in named.conf, adjusting the allow list as needed:
>> key "rndc-key" {
>> algorithm hmac-md5;
>> secret "7ZbGK94NdSa2WACxx72W1w==";
>
> I suggest you change this ^^^^^ rather quickly, especially if it is a public name server.

This is a key for local (over 127.0.0.1) connections for rndc, it can be abused by local users only, or if there is a remotely exploitable vulnerability for running shell code. Still, should not be published so easily but no direct harm when the system has no untrusted local users.
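
Added example, not part of the original message or of the BIND port: a small Python check of whether the rndc control channel in a named.conf is reachable over loopback only, which is the condition the reply above relies on. The two sample configurations, the placeholder secret and the function name control_channel_findings are constructed for illustration; named ACLs are treated as "not provably local" because the check does not resolve them.

```python
import ipaddress
import re

# Constructed sample configs (not from the thread); the secret is a placeholder.
LOCAL_ONLY = '''
key "rndc-key" { algorithm hmac-sha256; secret "PLACEHOLDER"; };
controls {
    inet 127.0.0.1 port 953 allow { 127.0.0.1; } keys { "rndc-key"; };
};
'''
EXPOSED = '''
controls {
    inet * port 953 allow { any; } keys { "rndc-key"; };
};
'''

# Matches: inet <addr> [port <n>] allow { <address match list> }
INET_RE = re.compile(
    r'\binet\s+(\S+)(?:\s+port\s+\d+)?\s+allow\s*\{([^}]*)\}', re.S)

def _is_loopback(token):
    """True only for literal loopback addresses or networks."""
    try:
        return ipaddress.ip_network(token, strict=False).is_loopback
    except ValueError:
        return False  # '*', 'any', named ACLs: not provably local

def control_channel_findings(conf):
    """Return findings for every 'inet' control channel in conf.

    An empty list means each channel listens on loopback and its allow
    list admits loopback sources only, so a leaked key is usable only
    by someone who can already run code on the host.
    """
    findings = []
    for listen, allow in INET_RE.findall(conf):
        if not _is_loopback(listen):
            findings.append(f"listens on {listen}")
        for entry in filter(None, (e.strip() for e in allow.split(";"))):
            if not _is_loopback(entry):
                findings.append(f"allow list admits {entry}")
    return findings

if __name__ == "__main__":
    for name, conf in (("LOCAL_ONLY", LOCAL_ONLY), ("EXPOSED", EXPOSED)):
        print(name, control_channel_findings(conf) or "loopback only")
```
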