XFR killed by security
Peter
pmc at citylink.dinoex.sub.org
Mon Mar 4 15:24:12 UTC 2024
On Mon, Mar 04, 2024 at 03:43:48PM +0100, Ondřej Surý wrote:
! > On 4. 3. 2024, at 14:55, Peter <pmc at citylink.dinoex.sub.org> wrote:
! >
! > I don't find it really surprizing that XFR would contain "multiple
! > RRSIG entries".
!
! Unfortunately, this is obviously surprising to the vendor of the security device. This needs to be fixed there, not here. As for the CVE, you have the number that can be used, but here’s the blogpost for reference: https://www.isc.org/blogs/2024-bind-security-release/
Thank You, Ondrej, this link shortens my path. This is what I wanted
to know.
So the current version of BIND mitigates the issue, and the somehow
ill-devised security rule can then simply be excluded. Wonderful.
cheerio,
PMc
More information about the bind-users
mailing list