From: Mark Andrews
To: Mark Felder
Cc: freebsd-stable@freebsd.org
Subject: Re: BIND chroot environment in 10-RELEASE...gone?
Date: Sat, 07 Dec 2013 09:33:00 +1100
Message-Id: <20131206223300.89253B55861@rock.dv.isc.org>

In message <1386367748.17212.56515229.7C50AFEB@webmail.messagingengine.com>, Mark Felder writes:
> On Fri, Dec 6, 2013, at 16:00, Mark Andrews wrote:
> >
> > But they should all be running a recursive validating resolver on
> > every box.
> >
>
> Are you *really* suggesting that I should run a recursive validating
> server on every single server I admin?

I'm suggesting that it should be run on *every* machine in the world,
until all the applications that use data from the DNS have been
upgraded to validate the data they get from the DNS, need to be
running a validating resolver. MiTM attacks happen all the time in
the DNS.

For mobile devices I would say "Don't leave home without one" to use
a well known slogan.

Mark

--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka@isc.org