Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: BIND OpenSSL follow-up - Internet Security | DShield SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
BIND OpenSSL follow-up

As a follow-up to the story from yesterday on the BIND DNS server updates (as a result of the OpenSSL signature validation bug)... It is difficult to tell whether the default BIND9 configuration turns on DNSSEC support by default.  I reviewed the BIND documentation and the CHANGES file today.  It certainly appears that the default settings for DNSSEC have been recently changed in the 9.6.0b1 and 9.5.0a1 releases.  If you are running BIND DNS servers with DNSSEC, then you probably care that signatures check-out and you need to patch regardless of what the default settings are.  Otherwise, this isn't an exploitation bug and you don't need to patch immediately.

Kyle

112 Posts

Sign Up for Free or Log In to start participating in the conversation!