FreeBSD Security Advisories wrote:
I. Background
BIND 9 is an implementation of the Domain Name System (DNS) protocols.
The named(8) daemon is an Internet Domain Name Server.
DNS Security Extensions (DNSSEC) provides data integrity, origin
authentication and authenticated denial of existence to resolvers.
II. Problem Description
If a client requests DNSSEC records with the Checking Disabled (CD) flag
set, BIND may cache the unvalidated responses. These responses may later
be returned to another client that has not set the CD flag.
How do I find out if my named server is using DNSSEC? I am using the
vanilla defaults with named on FreeBSD.
_______________________________________________
freebsd-stable@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"
