RE: FreeBSD Security Advisory FreeBSD-SA-09:04.bind



Hi Leonid,

I got the message, so it looks like at least something is working.

From the advisory:

NOTE WELL: If named(8) is not explicitly set to use DNSSEC the setup
is not vulnerable to the issue as described in this Security Advisory.

We are not using DNSSEC on either the internal or external BIND
instances. We *are* using authentication keys for some of the internal
infrastructure (for dynamic updates) but not for the external, and
this facility uses shared-secrets anyway rather than PKI.

I think we're OK unless we're going to light up DNSSEC in the near
future.

+-----------------------------------------+----------------------------+
| Carl Richard Friend (UNIX Sysadmin) | Natick, Massachusetts, USA |
| Minicomputer Collector / Enthusiast | 01760-2098 |
| mailto:carl_friend@xxxxxxxxxxxxx +----------------------------+
| http://users.rcn.com/crfriend/museum | ICBM: +42:18:00 -71:21:03 |
+-----------------------------------------+----------------------------+

_______________________________________________
freebsd-security@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@xxxxxxxxxxx"