FreeBSD Security Advisory FreeBSD-SA-15:11.bind
Dan Lukes
dan at obluda.cz
Wed Jul 8 17:28:01 UTC 2015
On 07/08/15 18:29, Mark Felder:
>> IV. Workaround
>>
>> No workaround is available, but hosts not running named(8) are not
>> vulnerable.
> Why is no workaround available? Can't you just disable DNSSEC
> validation?
>
> dnssec-enable no;
> dnssec-validation no;
Well, it depend ...
If someone is running DNSSEC validation, then turning it off is no solution.
You may claim either "turn off named" or "power off the computer" to be
available workaround ...
Just my $0.02
Dan
More information about the freebsd-security
mailing list