On Tue, 16 Jul 2002, Patrick Thomas wrote:
>
> Understood. That's not very painful at all - I assume any new version of
> bind9 will work then.
the newest definitly will
>
> Is there a reason this workaround couldn't be added to the
> freebsd-security advisory ? Currently it states there is no workaround,
> and this is a very nice one...
If the security people felt like it, it would probably
be an idea to mention it..
Also, having your own caching forwarding server is usually a good idea on
any site with mor ethan a few machines anyway.
>
> Also, you meant resolv.conf, right ? (not resolver.conf ?)
yes of course.. :-)
Of course you just need one forwarding server per site not per machine..
(and block outgoing dns requests from all other machines using the
firewall)
>
> --pt
>
> On Tue, 16 Jul 2002, Julian Elischer wrote:
>
> > a real workaround means:
> >
> > setting resolver.conf to point to 127.0.0.1
> > running a local copy of bind-9 as a forwarding server.
> > bind-9 rebuilds requests and answers it forwards..
> > bind-8 just passes them through.
> >
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-hackers" in the body of the message
