> Date: Thu, 07 Jan 2010 15:16:43 -0800 > From: Doug Barton <[email protected]> > Sender: [email protected] > > Thomas Rasmussen wrote: > > Hello, > > > > While this is all true, this vulnerability is for caching servers, > > not authorative ones. It is pretty easy to setup DLV validation on a > > recursive bind server. However, it is not enabled by default on FreeBSD, > > so Stephen should be safe. > > FWIW, I agree with Thomas.
As do I. Guess I've been putting so much effort into getting my zones signed that DNSSEC took me in the wrong direction. No, a default config won't make you vulnerable, but making yourself vulnerable is not heard at all, especially if you use the DLV. -- R. Kevin Oberman, Network Engineer Energy Sciences Network (ESnet) Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab) E-mail: [email protected] Phone: +1 510 486-8634 Key fingerprint:059B 2DDF 031C 9BA3 14A4 EADA 927D EBB3 987B 3751 _______________________________________________ [email protected] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to "[email protected]"
