On Monday 21 July 2008 21:14:22 Doug Barton wrote: > Brett Glass wrote: > | Everyone: > | > | Will FreeBSD 7.1 be released in time to use it as an upgrade to > | close the BIND cache poisoning hole? > > Brett, et al, > > I'll make this simple for you. If you have a server that is running > BIND, update BIND now. If you need to use the ports, that's fine, just > do it now. Make sure that you are not specifying a port via any > query-source* options in named.conf, and that any firewall between > your named process and the outside world does keep-state on outgoing > UDP packets.
... and that any NAT device employs at least a somewhat random port allocation mechanism - pf provides this. > If you have a system with BIND installed (as it is by default) but you > are NOT running named, you don't need to worry about updating now, but > you should do it "soonish" just in case someone gets a wild hair and > starts up named on that box. > > As for the meta-question, FreeBSD is currently operating on a > time-based release schedule, not a feature-based one. And to your > actual question, the answer is no. > > > hope this helps, > > Doug -- /"\ Best regards, | [EMAIL PROTECTED] \ / Max Laier | ICQ #67774661 X http://pf4freebsd.love2party.net/ | [EMAIL PROTECTED] / \ ASCII Ribbon Campaign | Against HTML Mail and News _______________________________________________ freebsd-stable@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to "[EMAIL PROTECTED]"
