Clifton Royston wrote:
  I also think that modular design of security-sensitive tools is the
way to go, with his DNS tools as with Postfix.

Dan didn't write postfix, he wrote qmail.

If you're interested in a resolver-only solution (and that is not a bad way to go) then you should evaluate dns/unbound. It is a lightweight resolver-only server that has a good security model and already implements query port randomization. It also has the advantage of being maintained, and compliant with 21st Century DNS standards including DNSSEC (which, btw, is the real solution to the response forgery problem; it just can't be deployed universally before 8/5).

hth,

Doug

--

    This .signature sanitized for your protection

_______________________________________________
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable