diff options
| author | dougb <dougb@FreeBSD.org> | 2007-07-25 08:12:36 +0000 |
|---|---|---|
| committer | dougb <dougb@FreeBSD.org> | 2007-07-25 08:12:36 +0000 |
| commit | e9f5980a15892cbb50c32cfaab95f2dcb23cebcd (patch) | |
| tree | 5e59e5d349bab1b1962e57d794d1ceb729fa3150 /contrib/bind9/doc/arm/man.dnssec-signzone.html | |
| parent | 7fe38836a11b0c3827d4e4c79c7d24ddf4534957 (diff) | |
| download | FreeBSD-src-e9f5980a15892cbb50c32cfaab95f2dcb23cebcd.zip FreeBSD-src-e9f5980a15892cbb50c32cfaab95f2dcb23cebcd.tar.gz | |
Vendor import of 9.4.1-P1, which has fixes for the following:
1. The default access control lists (acls) are not being
correctly set. If not set anyone can make recursive queries
and/or query the cache contents.
See also:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2925
2. The DNS query id generation is vulnerable to cryptographic
analysis which provides a 1 in 8 chance of guessing the next
query id for 50% of the query ids. This can be used to perform
cache poisoning by an attacker.
This bug only affects outgoing queries, generated by BIND 9 to
answer questions as a resolver, or when it is looking up data
for internal uses, such as when sending NOTIFYs to slave name
servers.
All users are encouraged to upgrade.
See also:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2926
Approved by: re (kensmith, implicit)
Diffstat (limited to 'contrib/bind9/doc/arm/man.dnssec-signzone.html')
| -rw-r--r-- | contrib/bind9/doc/arm/man.dnssec-signzone.html | 12 |
1 files changed, 6 insertions, 6 deletions
diff --git a/contrib/bind9/doc/arm/man.dnssec-signzone.html b/contrib/bind9/doc/arm/man.dnssec-signzone.html index 84a7979..6301421 100644 --- a/contrib/bind9/doc/arm/man.dnssec-signzone.html +++ b/contrib/bind9/doc/arm/man.dnssec-signzone.html @@ -14,7 +14,7 @@ - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR - PERFORMANCE OF THIS SOFTWARE. --> -<!-- $Id: man.dnssec-signzone.html,v 1.2.2.35 2007/01/30 00:23:46 marka Exp $ --> +<!-- $Id: man.dnssec-signzone.html,v 1.2.2.35.10.1 2007/07/09 02:25:53 marka Exp $ --> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> @@ -50,7 +50,7 @@ <div class="cmdsynopsis"><p><code class="command">dnssec-signzone</code> [<code class="option">-a</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-d <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-e <em class="replaceable"><code>end-time</code></em></code>] [<code class="option">-f <em class="replaceable"><code>output-file</code></em></code>] [<code class="option">-g</code>] [<code class="option">-h</code>] [<code class="option">-k <em class="replaceable"><code>key</code></em></code>] [<code class="option">-l <em class="replaceable"><code>domain</code></em></code>] [<code class="option">-i <em class="replaceable"><code>interval</code></em></code>] [<code class="option">-I <em class="replaceable"><code>input-format</code></em></code>] [<code class="option">-j <em class="replaceable"><code>jitter</code></em></code>] [<code class="option">-N <em class="replaceable"><code>soa-serial-format</code></em></code>] [<code class="option">-o <em class="replaceable"><code>origin</code></em></code>] [<code class="option">-O <em class="replaceable"><code>output-format</code></em></code>] [<code class="option">-p</code>] [<code class="option">-r <em class="replaceable"><code>randomdev</code></em></code>] [<code class="option">-s <em class="replaceable"><code>start-time</code></em></code>] [<code class="option">-t</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-z</code>] {zonefile} [key...]</p></div> </div> <div class="refsect1" lang="en"> -<a name="id2598526"></a><h2>DESCRIPTION</h2> +<a name="id2598407"></a><h2>DESCRIPTION</h2> <p><span><strong class="command">dnssec-signzone</strong></span> signs a zone. It generates NSEC and RRSIG records and produces a signed version of the @@ -61,7 +61,7 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2598546"></a><h2>OPTIONS</h2> +<a name="id2598426"></a><h2>OPTIONS</h2> <div class="variablelist"><dl> <dt><span class="term">-a</span></dt> <dd><p> @@ -257,7 +257,7 @@ </dl></div> </div> <div class="refsect1" lang="en"> -<a name="id2623261"></a><h2>EXAMPLE</h2> +<a name="id2622323"></a><h2>EXAMPLE</h2> <p> The following command signs the <strong class="userinput"><code>example.com</code></strong> zone with the DSA key generated in the <span><strong class="command">dnssec-keygen</strong></span> @@ -283,14 +283,14 @@ </p> </div> <div class="refsect1" lang="en"> -<a name="id2641212"></a><h2>SEE ALSO</h2> +<a name="id2641229"></a><h2>SEE ALSO</h2> <p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>, <em class="citetitle">BIND 9 Administrator Reference Manual</em>, <em class="citetitle">RFC 2535</em>. </p> </div> <div class="refsect1" lang="en"> -<a name="id2652706"></a><h2>AUTHOR</h2> +<a name="id2652723"></a><h2>AUTHOR</h2> <p><span class="corpauthor">Internet Systems Consortium</span> </p> </div> |
