Skip site navigation (1)Skip section navigation (2)
Date:      Sat, 07 Dec 2013 09:33:00 +1100
From:      Mark Andrews <marka@isc.org>
To:        Mark Felder <feld@FreeBSD.org>
Cc:        freebsd-stable@freebsd.org
Subject:   Re: BIND chroot environment in 10-RELEASE...gone?
Message-ID:  <20131206223300.89253B55861@rock.dv.isc.org>
In-Reply-To: Your message of "Fri, 06 Dec 2013 16:09:08 -0600." <1386367748.17212.56515229.7C50AFEB@webmail.messagingengine.com>
References:  <529D9CC5.8060709@rancid.berkeley.edu> <20131204095855.GY29825@droso.dk> <alpine.BSF.2.00.1312041212000.2022@badger.tharned.org> <E915D8A5-1CD0-465B-BAD1-59C45C9415F4@gid.co.uk> <20131205193815.05de3829de9e33197fe210ac@getmail.no> <20131206143944.4873391d@suse3> <20131206220016.BADCAB556F4@rock.dv.isc.org> <1386367748.17212.56515229.7C50AFEB@webmail.messagingengine.com>

next in thread | previous in thread | raw e-mail | index | archive | help

In message <1386367748.17212.56515229.7C50AFEB@webmail.messagingengine.com>, Ma
rk Felder writes:
> On Fri, Dec 6, 2013, at 16:00, Mark Andrews wrote:
> > 
> > But they should all be running a resursive validating resolver on
> > every box.
> > 
> 
> Are you *really* suggesting that I should run a recursive validating
> server on every single server I admin?

I'm suggesting that it should be run on *every* machine in the
world, until all the applications that use data from the DNS have
been upgraded to validate the data they get from the DNS, need to
be be running a validating resolver.

MiTM attacks happen all the time in the DNS.

For mobile devices I would say "Don't leave home without one" to
use a well know slogan.

Mark
> _______________________________________________
> freebsd-stable@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-stable
> To unsubscribe, send any mail to "freebsd-stable-unsubscribe@freebsd.org"
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka@isc.org



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20131206223300.89253B55861>