[nycbug-talk] BIND vulnerability

Charles Sprickman spork at bway.net
Tue Jul 8 22:30:39 EDT 2008

Just in case you haven't seen this elsewhere yet:


I wonder if that "notification date" for FreeBSD is to be believed?

There's currently no updates to the ports.  I run 9.3.5 and was able to 
build the patched version within ports by doing the following:

-editing the distinfo file like so:

MD5 (bind-9.3.5-P1.tar.gz) = 1446984f552b18a0ff7db63971a0cb5a
SHA256 (bind-9.3.5-P1.tar.gz) = 8bd6b53f5a2c5f0332aaba9a51ef3d7fc55c60f906f0c506
SIZE (bind-9.3.5-P1.tar.gz) = 5626167
MD5 (bind-9.3.5-P1.tar.gz.asc) = 3680754939a9af0b1f6bb733a3a8fb3b
SHA256 (bind-9.3.5-P1.tar.gz.asc) = cf312c8a4c2cf1c07a473d2ff6db597a0677c5f8a79b
SIZE (bind-9.3.5-P1.tar.gz.asc) = 479

-editing the port Makefile to reflect the new filename:

# ISC releases things like 9.3.0rc1, which our versioning doesn't like
ISCVERSION=     9.3.5-P1

Built clean on 6.3, running it for about an hour now.

Perhaps others can share any info on the ports/pkg systems for other BSDs?

Of course anyone who's been running DNSSEC before today is welcome to pipe 
up with any good tips on getting that beast going for a ton of zones...


Charles Sprickman
Bway.net - New York's Best Internet - www.bway.net
spork at bway.net - 212.655.9344

More information about the talk mailing list