Re: FreeBSD Security Advisory FreeBSD-SA-15:11.bind

2015-07-08 Thread Ian Smith
On Wed, 8 Jul 2015 12:49:12 -0500, Mark Felder wrote: > "No workaround is available, but only systems that are manually > configured to enable DNSSEC validation are affected." would be a > reasonable statement. Agreed. DNSSEC may become mandatory, and while surely 'best practice', it's not y

Re: FreeBSD Security Advisory FreeBSD-SA-15:11.bind

2015-07-08 Thread Mel Pilgrim
On 2015-07-08 10:49, Mark Felder wrote: DNSSEC is not a requirement to run a DNS resolver. It is a requirement if you're using DANE or other technologies where the trust model relies on authenticated DNS. I've always understood the term "workaround" to mean "mitigate the problem without a loss

Re: FreeBSD Security Advisory FreeBSD-SA-15:11.bind

2015-07-08 Thread Mark Felder
On Wed, Jul 8, 2015, at 12:27, Dan Lukes wrote: > On 07/08/15 18:29, Mark Felder: > >> IV. Workaround > >> > >> No workaround is available, but hosts not running named(8) are not > >> vulnerable. > > > Why is no workaround available? Can't you just disable DNSSEC > > validation? > > > > dnssec-

Re: FreeBSD Security Advisory FreeBSD-SA-15:11.bind

2015-07-08 Thread Dan Lukes
On 07/08/15 18:29, Mark Felder: IV. Workaround No workaround is available, but hosts not running named(8) are not vulnerable. Why is no workaround available? Can't you just disable DNSSEC validation? dnssec-enable no; dnssec-validation no; Well, it depends ... If someone is running DNSSE

Re: FreeBSD Security Advisory FreeBSD-SA-15:11.bind

2015-07-08 Thread Mark Felder
On Tue, Jul 7, 2015, at 18:25, FreeBSD Security Advisories wrote: > > IV. Workaround > > No workaround is available, but hosts not running named(8) are not > vulnerable. > Why is no workaround available? Can't you just disable DNSSEC validation? dnssec-enable no; dnssec-validation no; In f