Re: FreeBSD Security Advisory FreeBSD-SA-07:02.bind
> IV. Workaround
>
> There is no workaround available, but systems which are not authoritative
> servers for DNSSEC signed zones are not affected by the first issue; and
> systems which do not permit untrusted users to perform recursive DNS
> resolution are not affected by the second issue. Note that the default
> configuration for named(8) in FreeBSD allows local access only (which on
> many systems is equivalent to refusing access to untrusted users).
	More precisely, systems which do not *validate* answers are not
vulnerable to the first.
All nameservers which offer recursion are vulnerable to the
second.
From ISC's advisory (which I authored).
Workaround:
Disable / restrict recursion (to limit exposure).
Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews@isc.org
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
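
An added example, not part of the original message or of ISC's or FreeBSD's advisory: a small check for the "disable / restrict recursion" workaround that classifies a named.conf as having recursion disabled, restricted by an `allow-recursion` ACL, or open. The function names and sample configurations are constructed for illustration; it assumes that a missing `allow-recursion` means any client may recurse (the default varies by BIND version) and it only inspects the global `options` block, not views.

```python
import re

def strip_comments(text):
    """Drop /* */, // and # comments (assumes no such markers inside quoted strings)."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#).*", "", text)

def options_block(text):
    """Return the body of the global options { ... } statement, or '' if absent."""
    m = re.search(r"\boptions\s*\{", text)
    if not m:
        return ""
    depth = 1
    for i in range(m.end(), len(text)):
        if text[i] == "{":
            depth += 1
        elif text[i] == "}":
            depth -= 1
            if depth == 0:
                return text[m.end():i]
    return ""  # unbalanced braces: treat as no options block

def recursion_exposure(conf):
    """Classify a named.conf text as 'disabled', 'restricted' or 'open'."""
    opts = options_block(strip_comments(conf))
    # Lookbehind keeps this from matching the tail of "allow-recursion".
    rec = re.search(r"(?<![-\w])recursion\s+(\w+)\s*;", opts)
    if rec and rec.group(1).lower() in ("no", "false", "0"):
        return "disabled"
    acl = re.search(r"\ballow-recursion\s*\{([^}]*)\}", opts)
    if acl is None:
        return "open"  # assumption: no ACL means any client may recurse
    elems = [e.strip() for e in acl.group(1).split(";") if e.strip()]
    if any(e in ("any", "0.0.0.0/0", "::/0") for e in elems):
        return "open"
    return "restricted"

# Constructed sample configurations (192.0.2.0/24 is a documentation range).
OPEN_CONF = 'options {\n    directory "/etc/namedb";\n    // recursion no;\n};\n'
RESTRICTED_CONF = ('acl trusted { 127.0.0.1; 192.0.2.0/24; };\n'
                   'options {\n    recursion yes;\n'
                   '    allow-recursion { trusted; };\n};\n')
DISABLED_CONF = 'options { recursion no; };\n'

if __name__ == "__main__":
    for name in ("OPEN_CONF", "RESTRICTED_CONF", "DISABLED_CONF"):
        print(name, "->", recursion_exposure(globals()[name]))
```
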