DragonFly commits List (threaded) for 2010-01
[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index][Thread Index]

Re: git: BIND: enable DNSSEC support for named and related tools by default.

From:	Constantine Aleksandrovich Murenin <C++@xxxxxx>
Date:	Mon, 18 Jan 2010 02:38:54 -0500

Shouldn't DNSSEC be off by default?

http://security.FreeBSD.org/advisories/FreeBSD-SA-10:01.bind.asc

http://www.google.com/search?q=dnssec+site:cr.yp.to

http://cr.yp.to/talks.html#2009.08.10
http://cr.yp.to/talks/2009.08.10/slides.pdf
«
2009.08.10 09:30	60 minutes	invited lecture	Canada	researchers
[PDF slides] WOOT 2009. Le Centre Sheraton Hotel, Montreal. "Breaking
DNSSEC." Keynote lecture. Abstract:
More than two hundred sites around the world have installed DNSSEC
during the past year, so attackers can finally gain hands-on
experience with breaking DNSSEC servers. How quickly does DNSSEC leak
private information? How powerful are today's DNSSEC servers when they
are abused as denial-of-service amplifiers? How easy is it to forge
DNS data from a DNSSEC server?
»

C.

2010/1/17 Jan Lentfer <lentferj@crater.dragonflybsd.org>:
>
> commit 9b280f55325116795c4c7a8faac79b452b7b9469
> Author: Jan Lentfer <Jan.Lentfer@web.de>
> Date:   Sun Jan 17 14:21:39 2010 +0100
>
>    BIND: enable DNSSEC support for named and related tools by default.
>
>        * This adds -DOPENSSL and -lcrypto to effected Makefiles
>
>        * This patch also introduces NO_BIND_DNSSEC for make.conf
>          to disable build of DNSSEC with BIND.
>
> Summary of changes:
>  etc/defaults/make.conf            |    1 +
>  lib/libisc/Makefile               |    4 ++++
>  share/man/man5/make.conf.5        |    3 +++
>  usr.bin/dig/Makefile              |    5 +++++
>  usr.bin/dnssec-keygen/Makefile    |    5 +++++
>  usr.bin/dnssec-signzone/Makefile  |    5 +++++
>  usr.bin/host/Makefile             |    5 +++++
>  usr.sbin/named-checkconf/Makefile |    5 +++++
>  usr.sbin/named-checkzone/Makefile |    5 +++++
>  usr.sbin/named/Makefile           |    4 ++++
>  usr.sbin/nslookup/Makefile        |    5 +++++
>  usr.sbin/nsupdate/Makefile        |    5 +++++
>  usr.sbin/rndc-confgen/Makefile    |    5 +++++
>  usr.sbin/rndc/Makefile            |    5 +++++
>  14 files changed, 62 insertions(+), 0 deletions(-)
>
> http://gitweb.dragonflybsd.org/dragonfly.git/commitdiff/9b280f55325116795c4c7a8faac79b452b7b9469
>
>
> --
> DragonFly BSD source repository

Follow-Ups:
- Re: git: BIND: enable DNSSEC support for named and related tools by default.
  - From: Aggelos Economopoulos <aoiko@cc.ece.ntua.gr>
- Re: git: BIND: enable DNSSEC support for named and related tools by default.
  - From: Aggelos Economopoulos <aoiko@cc.ece.ntua.gr>

References:
- git: BIND: enable DNSSEC support for named and related tools by default.
  - From: Jan Lentfer <lentferj@crater.dragonflybsd.org>

[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index][Thread Index]