BIND and reconstruction of DNS messages (was Re: FreeBSD Security Advisory FreeBSD-SA-02:28.resolv)

From: Jacques A. Vidrine (nectar@FreeBSD.ORG)
Date: 06/27/02


Date: Wed, 26 Jun 2002 22:16:14 -0500
From: "Jacques A. Vidrine" <nectar@FreeBSD.ORG>
To: Mark.Andrews@isc.org

On Thu, Jun 27, 2002 at 10:12:08AM +1000, Mark.Andrews@isc.org wrote:
> Provided you are behind a nameserver you trust that reconstructs
> the answer you should be fine.

Thanks for this info, Mark.

I guess that name server better be running on localhost, or else an
agent may be able to spoof DNS messages.

> BIND 9 reconstructs all answers (excluding forwarded UPDATES).

cool

> BIND 8 forwards some and reconstructs others.

at random? :-)

Cheers,

-- 
Jacques A. Vidrine <n@nectar.cc>                 http://www.nectar.cc/
NTT/Verio SME          .     FreeBSD UNIX     .       Heimdal Kerberos
jvidrine@verio.net     .  nectar@FreeBSD.org  .          nectar@kth.se