Well as a developer of BIND I will tell you that my development
platform is FreeBSD.
FreeBSD drugs.dv.isc.org 6.3-STABLE FreeBSD 6.3-STABLE #19: Fri Apr 25 13:07:00
EST 2008 [EMAIL PROTECTED]:/usr/obj/usr/src/sys/DRUGS i386
If Doug hasn't already updated the ports to use the -P1 I
would expect him to do so shortly. Or you could all do it
yourselves. It really is not that hard. Just check the
PGP signatures on the tarball when you make the new checksums
for the port.
As for updating the base. There is still time to do this
without panicing. Dan's method has not been released.
Remember the only real solution to cache poisoning is to
deploy DNSSEC. You can go out and do your part of that
today. If you really cared about DNS security you would
have done it already. It isn't that hard. Just use the
defaults.
http://www.isc.org/sw/bind/docs/DNSSEC_in_6_minutes.pdf
Talk to your member(s) of parliment about getting the root
signed and your cctld signed (only 4 have been signed last
time I checked). If .SE and .BR can do it then your cctld
can do it. ORG is in the process of getting DNSSEC added.
Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: [EMAIL PROTECTED]
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
