diff options
| author | dougb <dougb@FreeBSD.org> | 2007-07-25 08:12:36 +0000 |
|---|---|---|
| committer | dougb <dougb@FreeBSD.org> | 2007-07-25 08:12:36 +0000 |
| commit | e9f5980a15892cbb50c32cfaab95f2dcb23cebcd (patch) | |
| tree | 5e59e5d349bab1b1962e57d794d1ceb729fa3150 /contrib/bind9/doc/arm/man.dnssec-keygen.html | |
| parent | 7fe38836a11b0c3827d4e4c79c7d24ddf4534957 (diff) | |
| download | FreeBSD-src-e9f5980a15892cbb50c32cfaab95f2dcb23cebcd.zip FreeBSD-src-e9f5980a15892cbb50c32cfaab95f2dcb23cebcd.tar.gz | |
Vendor import of 9.4.1-P1, which has fixes for the following:
1. The default access control lists (acls) are not being
correctly set. If not set anyone can make recursive queries
and/or query the cache contents.
See also:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2925
2. The DNS query id generation is vulnerable to cryptographic
analysis which provides a 1 in 8 chance of guessing the next
query id for 50% of the query ids. This can be used to perform
cache poisoning by an attacker.
This bug only affects outgoing queries, generated by BIND 9 to
answer questions as a resolver, or when it is looking up data
for internal uses, such as when sending NOTIFYs to slave name
servers.
All users are encouraged to upgrade.
See also:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2926
Approved by: re (kensmith, implicit)
Diffstat (limited to 'contrib/bind9/doc/arm/man.dnssec-keygen.html')
| -rw-r--r-- | contrib/bind9/doc/arm/man.dnssec-keygen.html | 14 |
1 files changed, 7 insertions, 7 deletions
diff --git a/contrib/bind9/doc/arm/man.dnssec-keygen.html b/contrib/bind9/doc/arm/man.dnssec-keygen.html index 4836f04..54780dc 100644 --- a/contrib/bind9/doc/arm/man.dnssec-keygen.html +++ b/contrib/bind9/doc/arm/man.dnssec-keygen.html @@ -14,7 +14,7 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: man.dnssec-keygen.html,v 1.2.2.37 2007/01/30 00:23:46 marka Exp $ --> +<!-- $Id: man.dnssec-keygen.html,v 1.2.2.37.10.1 2007/07/09 02:25:53 marka Exp $ --> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> @@ -50,7 +50,7 @@ <div class="cmdsynopsis"><p><code class="command">dnssec-keygen</code> {-a <em class="replaceable"><code>algorithm</code></em>} {-b <em class="replaceable"><code>keysize</code></em>} {-n <em class="replaceable"><code>nametype</code></em>} [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-e</code>] [<code class="option">-f <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-g <em class="replaceable"><code>generator</code></em></code>] [<code class="option">-h</code>] [<code class="option">-k</code>] [<code class="option">-p <em class="replaceable"><code>protocol</code></em></code>] [<code class="option">-r <em class="replaceable"><code>randomdev</code></em></code>] [<code class="option">-s <em class="replaceable"><code>strength</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] {name}</p></div> </div> <div class="refsect1" lang="en"> -<a name="id2597473"></a><h2>DESCRIPTION</h2> +<a name="id2597558"></a><h2>DESCRIPTION</h2> <p><span><strong class="command">dnssec-keygen</strong></span> generates keys for DNSSEC (Secure DNS), as defined in RFC 2535 and RFC <TBA\>. It can also generate keys for use with @@ -58,7 +58,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2597555"></a><h2>OPTIONS</h2> +<a name="id2597572"></a><h2>OPTIONS</h2> <div class="variablelist"><dl> <dt><span class="term">-a <em class="replaceable"><code>algorithm</code></em></span></dt> <dd> @@ -166,7 +166,7 @@ </dl></div> </div> <div class="refsect1" lang="en"> -<a name="id2597966"></a><h2>GENERATED KEYS</h2> +<a name="id2598052"></a><h2>GENERATED KEYS</h2> <p> When <span><strong class="command">dnssec-keygen</strong></span> completes successfully, @@ -212,7 +212,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2598074"></a><h2>EXAMPLE</h2> +<a name="id2598160"></a><h2>EXAMPLE</h2> <p> To generate a 768-bit DSA key for the domain <strong class="userinput"><code>example.com</code></strong>, the following command would be @@ -233,7 +233,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2598131"></a><h2>SEE ALSO</h2> +<a name="id2600196"></a><h2>SEE ALSO</h2> <p><span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>, <em class="citetitle">BIND 9 Administrator Reference Manual</em>, <em class="citetitle">RFC 2535</em>, @@ -242,7 +242,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2600824"></a><h2>AUTHOR</h2> +<a name="id2600227"></a><h2>AUTHOR</h2> <p><span class="corpauthor">Internet Systems Consortium</span> </p> </div> |
