FreeBSD Security Advisory FreeBSD-SA-09:04.bind
Carl Friend
Carl.Friend at mathworks.com
Wed Jan 14 09:49:24 PST 2009
Hi Leonid,
I got the message, so it looks like at least something is working.
From the advisory:
> NOTE WELL: If named(8) is not explicitly set to use DNSSEC the setup
> is not vulnerable to the issue as described in this Security Advisory.
We are not using DNSSEC on either the internal or external BIND
instances. We *are* using authentication keys for some of the internal
infrastructure (for dynamic updates) but not for the external, and
this facility uses shared-secrets anyway rather than PKI.
I think we're OK unless we're going to light up DNSSEC in the near
future.
+-----------------------------------------+----------------------------+
| Carl Richard Friend (UNIX Sysadmin) | Natick, Massachusetts, USA |
| Minicomputer Collector / Enthusiast | 01760-2098 |
| mailto:carl_friend at mathworks.com +----------------------------+
| http://users.rcn.com/crfriend/museum | ICBM: +42:18:00 -71:21:03 |
+-----------------------------------------+----------------------------+
More information about the freebsd-security
mailing list