BIND chroot environment in 10-RELEASE...gone?
Mark Andrews
marka at isc.org
Fri Dec 6 22:33:16 UTC 2013
In message <1386367748.17212.56515229.7C50AFEB at webmail.messagingengine.com>, Ma
rk Felder writes:
> On Fri, Dec 6, 2013, at 16:00, Mark Andrews wrote:
> >
> > But they should all be running a resursive validating resolver on
> > every box.
> >
>
> Are you *really* suggesting that I should run a recursive validating
> server on every single server I admin?
I'm suggesting that it should be run on *every* machine in the
world, until all the applications that use data from the DNS have
been upgraded to validate the data they get from the DNS, need to
be be running a validating resolver.
MiTM attacks happen all the time in the DNS.
For mobile devices I would say "Don't leave home without one" to
use a well know slogan.
Mark
> _______________________________________________
> freebsd-stable at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-stable
> To unsubscribe, send any mail to "freebsd-stable-unsubscribe at freebsd.org"
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
More information about the freebsd-stable
mailing list