Re: Re[2]: Verisign fun.

• Previous message: Walter Hop: "Re[2]: Verisign fun."
• In reply to: Walter Hop: "Re[2]: Verisign fun."
• Next in thread: Brad Davis: "Re: Re[2]: Verisign fun."
• Reply: Brad Davis: "Re: Re[2]: Verisign fun."
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

To: freebsd-isp@freebsd.org
Date: 17 Sep 2003 13:47:38 -0800

I saw that on the ISC bind9-users list also. We have moved off our bind9
servers to djbdns a couple days agao and there are patches for that
version also, but we have decided to let the dust settle as impact is
minimal right now.

I always say, "Only the experienced walk with a limp."

Dee

On Wed, 2003-09-17 at 13:39, Walter Hop wrote:
> [in reply to secabeen@pobox.com, 17-9-2003]
>
> >> I don't know about you guys but the verisign redirecting all
> >> unregistered .com/.net domains is annoying. Someone pointed this out to
> >> me.
> >>
> >> http://achurch.org/bind-verisign-patch.html
> >
> > If you want to do something like this, here's the official ISC patch:
> >
> > http://www.isc.org/products/BIND/delegation-only.html
>
> If you do this patch, test it carefully. I have had serious resolution
> problems with the patch on FreeBSD 4.8, and somebody else on bind9-users
> with Solaris had the same.
>
> Unless you host applications or networks that break, I would suggest
> waiting a few days to see if an updated version becomes available.
>
> I am nullrouting the IP addresses of Verisign's spam webservers for now.
>
> cheers,
> walter

_______________________________________________
freebsd-isp@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-isp
To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org"

• Previous message: Walter Hop: "Re[2]: Verisign fun."
• In reply to: Walter Hop: "Re[2]: Verisign fun."
• Next in thread: Brad Davis: "Re: Re[2]: Verisign fun."
• Reply: Brad Davis: "Re: Re[2]: Verisign fun."
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Relevant Pages Re: Re[2]: Verisign fun. ... and I am pretty happy with djbdns. ... Patches also ... Brad ... > servers to djbdns a couple days agao and there are patches for that ... (freebsd-isp) Re: Changes in IDS Companies? ... Things like port scans and DoS attacks very often ... >> If people are running insecure web servers, ... when people don't update their patches at ... > downplay the vulnerability to save face, so admins even if they are trying ... (Focus-IDS) RE: Betr.: Re: MS Patches Management software: SUS vs 3rd party ... We are also currently looking at a solution for updating our clients and servers. ... The major drawback is that if a new unpatched client connects to it, it retrieves all patches at once. ... There is no management in SUS, ... >The Presidio integrates PGP data encryption and XML Web Services security to ... (Security-Basics) Re: Betr.: Re: MS Patches Management software: SUS vs 3rd party ... > it retrieves all patches at once. ... There is no management in SUS, ... > If they are planning to include the Windows NT 4.0 servers for the ... >> simplify the management and deployment of PGP and reduce overall PGP ... (Security-Basics) Re: [Full-Disclosure] DCOM RPC exploit (dcom.c) ... But you'd still patch either way, ... of home users who don't even know what a security patch *IS*, ... But how many organisations firewall off internal servers from ... administrators have the time to watch the IDS given the number of patches they ... (Full-Disclosure)