Doug Barton ab54e43037 Upgrade to the -P1 versions of each port, which add stronger randomization ... of the UDP query-source ports. The server will still use the same query port for the life of the process, so users for whom the issue of cache poisoning is highly significant may wish to periodically restart their server using /etc/rc.d/named restart, or other suitable method. In order to take advantage of this randomization users MUST have an appropriate firewall configuration to allow UDP queries to be sent and answers to be received on random ports; and users MUST NOT specify a port number using the query-source[-v6] option. The avoid-v[46]-udp-ports options exist for users who wish to eliminate certain port numbers from being chosen by named for this purpose. See the ARM Chatper 6 for more information. Also please note, this issue applies only to UDP query ports. A random ephemeral port is always chosen for TCP queries. This issue applies primarily to name servers whose main purpose is to resolve random queries (sometimes referred to as "caching" servers, or more properly as "resolving" servers), although even an "authoritative" name server will make some queries, primarily at startup time. This update addresses issues raised in: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1447 http://www.kb.cert.org/vuls/id/800113 http://tools.ietf.org/html/draft-ietf-dnsext-forgery-resilience		2008-07-09 19:02:01 +00:00
..
distinfo	Upgrade to the -P1 versions of each port, which add stronger randomization	2008-07-09 19:02:01 +00:00
Makefile	Upgrade to the -P1 versions of each port, which add stronger randomization	2008-07-09 19:02:01 +00:00
pkg-descr	Update to version 9.3.5. It contains the latest bug fixes, updates	2008-06-02 05:20:09 +00:00
pkg-message	Update to version 9.3.5. It contains the latest bug fixes, updates	2008-06-02 05:20:09 +00:00
pkg-plist	Update to version 9.3.5. It contains the latest bug fixes, updates	2008-06-02 05:20:09 +00:00