Re: FreeBSD Security Advisory FreeBSD-SA-07:02.bind

看板FB_security作者時間19年前 (2007/02/10 15:13), 編輯推噓0(000)
留言0則, 0人參與, 最新討論串3/3 (看更多)
Mark Andrews wrote: >> There is no workaround available, but systems which are not authoritative >> servers for DNSSEC signed zones are not affected by the first issue; and >> systems which do not permit untrusted users to perform recursive DNS >> resolution are not affected by the second issue. Note that the default >> configuration for named(8) in FreeBSD allows local access only (which on >> many systems is equivalent to refusing access to untrusted users). > > From ISC's advisary (which I authored). > > Workaround: > > Disable / restrict recursion (to limit exposure). Considering that the only FreeBSD systems which permit recursive queries are those which have been specifically configured to do so, I don't consider this to be a workaround. DoS by administrator is no better than DoS by attacker. Colin Percival _______________________________________________ freebsd-security@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
更多 cperciva. 的文章
文章代碼(AID): #15pN2F00 (FB_security)
更多 cperciva. 的文章
文章代碼(AID): #15pN2F00 (FB_security)