BIND and reconstruction of DNS messages (was Re: FreeBSD Security Advisory FreeBSD-SA-02:28.resolv)

From: Jacques A. Vidrine (nectar@FreeBSD.ORG)
Date: 06/27/02

Date: Wed, 26 Jun 2002 22:16:14 -0500
From: "Jacques A. Vidrine" <nectar@FreeBSD.ORG>

On Thu, Jun 27, 2002 at 10:12:08AM +1000, wrote:
> Provided you are behind a nameserver you trust that reconstructs
> the answer you should be fine.

Thanks for this info, Mark.

I guess that name server better be running on localhost, or else an
agent may be able to spoof DNS messages.

> BIND 9 reconstucts all answers (excluding forwarded UPDATES).


> BIND 8 forwards some and reconstructs others.

at random? :-)


Jacques A. Vidrine <>       
NTT/Verio SME          .     FreeBSD UNIX     .       Heimdal Kerberos     .  .
To Unsubscribe: send mail to
with "unsubscribe freebsd-security" in the body of the message