Re: FreeBSD 7.1 and BIND exploit



--On Tuesday, July 22, 2008 09:37:14 -0700 Doug Barton <dougb@xxxxxxxxxxx> wrote:

Clifton Royston wrote:
I also think that modular design of security-sensitive tools is the
way to go, with his DNS tools as with Postfix.

Dan didn't write postfix, he wrote qmail.

I think his point was that djbdns is modular just like Postfix is modular - not that Dan wrote both. I'm pretty sure everyone on the planet knows that Weitse wrote/maintains Postfix.

If djbdns was as easy to setup as Postfix is, I'd use it too.


If you're interested in a resolver-only solution (and that is not a bad way
to go) then you should evaluate dns/unbound. It is a lightweight
resolver-only server that has a good security model and already implements
query port randomization. It also has the advantage of being maintained, and
compliant to 21st Century DNS standards including DNSSEC (which, btw, is the
real solution to the response forgery problem, it just can't be deployed
universally before 8/5).


What happens on 8/5?

--
Paul Schmehl
As if it wasn't already obvious,
my opinions are my own and not
those of my employer.

_______________________________________________
freebsd-stable@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "freebsd-stable-unsubscribe@xxxxxxxxxxx"



Relevant Pages

  • Re: SuSE Linux 8.0 - Inbound/Outbound Email archival
    ... dan@ouse.info wrote: ... When I get ready to do it, I'll probably use postfix -- easier config ... The command line is the front line. ... Linux 2.4.20-4GB-athlon ...
    (alt.os.linux.suse)
  • Re: Postfix + SASL [repost]
    ... In comp.os.linux.networking Dan: ... > when postfix is compiled. ... If you've installed it from binaries, ... Forced to support NT servers; ...
    (comp.os.linux.setup)
  • Re: Postfix + SASL [repost]
    ... In comp.os.linux.networking Dan: ... > when postfix is compiled. ... If you've installed it from binaries, ... Forced to support NT servers; ...
    (comp.os.linux.networking)
  • Re: Sendmail x Postfix
    ... because I have listened very well about security and ... others in Postfix ... ... FreeBSD Cheat Sheets ...
    (freebsd-questions)
  • Re: [opensuse] Virtual domain, between Postfix and Qmail
    ... If the question is "Which MTA should I use?" ... What features were the deciding factor for you to choose Qmail? ... to compare it to Postfix. ... in Sendmail. ...
    (SuSE)