* Florian Weimer <[EMAIL PROTECTED]> [070725 01:36]: > Will there be a timely security update for BIND 9, or does it make > sene to roll your own?
There is a security update for this issue being put together since yesterday, its in the testing phase now. Speaking of this issue... this problem existed before in BIND[1] as the old way of doing things was to have sequential 'sequence numbers', these were used to 'authenticate' responses and due to them being sequential they were easily guessed. The fix was to change the sequence numbers to be randomized. However, the field is only 16 bits and so now someone has found a way to predict the sequence numbers again (likely by looking at the algorithm used). Even so, the sequence numbers are not that difficult to predict because you can guess all 2^16 of them at the same time. This real problem in the DNS protocol at a very basic level. Micah -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
