Thu, 10 Jul 2008

12:18 AM - DNS server vulnerabilities

Most DNS software packages share a common design problem: they don't use random source ports for their outgoing queries. There is a great deal of coverage of this issue at isc.org, as well as a CVE, etc.
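To make the design problem concrete, here is an added example (my own illustration, not code from the post or from MidnightBSD/bind) that assesses a sample of source ports observed leaving a resolver. The port lists are constructed stand-ins for what you would collect by capturing the resolver's outbound queries; the capture step itself is assumed and not shown. The check reports the Shannon entropy of the ports, whether they simply increment, and the resulting guess space a blind off-path spoofer would face (the fixed 16-bit transaction ID plus whatever the port selection adds).

```python
"""Offline check of whether a resolver's observed UDP source ports look random.

The three port lists below are constructed samples, not real captures.
"""
import math
import random
from collections import Counter

TXID_BITS = 16  # the DNS transaction ID is always a 16-bit field


def port_entropy_bits(ports):
    """Shannon entropy, in bits, of the observed source-port distribution."""
    n = len(ports)
    return -sum((c / n) * math.log2(c / n) for c in Counter(ports).values())


def sequential_fraction(ports):
    """Fraction of consecutive queries whose port increased by exactly one."""
    if len(ports) < 2:
        return 0.0
    steps = sum(1 for a, b in zip(ports, ports[1:]) if b - a == 1)
    return steps / (len(ports) - 1)


def assess_source_ports(ports):
    """Classify the port selection and estimate the guess space a blind
    spoofer faces: TXID bits plus the bits the port choice really adds."""
    distinct = len(set(ports))
    entropy = port_entropy_bits(ports)
    seq = sequential_fraction(ports)
    # Entropy is capped by the sample size, so compare against that ceiling
    # rather than against the full 16 bits a port field could carry.
    ceiling = min(16.0, math.log2(len(ports)))
    if distinct == 1:
        verdict = "fixed"
    elif seq > 0.5:
        verdict = "sequential"  # predictable even though entropy looks high
    elif entropy >= ceiling - 1.0:
        verdict = "random"
    else:
        verdict = "weak"
    # A fixed or incrementing port contributes nothing an attacker must guess.
    port_bits = 0.0 if verdict in ("fixed", "sequential") else entropy
    return {
        "samples": len(ports),
        "distinct_ports": distinct,
        "entropy_bits": round(entropy, 2),
        "sequential_fraction": round(seq, 3),
        "effective_bits": round(TXID_BITS + port_bits, 2),
        "verdict": verdict,
    }


# Constructed samples (not real captures):
FIXED_PORTS = [53] * 2000                    # one fixed port for every query
SEQUENTIAL_PORTS = list(range(1025, 3025))   # OS-assigned, incrementing
_rng = random.Random(20080710)               # seeded so results are reproducible
RANDOM_PORTS = [_rng.randint(1024, 65535) for _ in range(2000)]

if __name__ == "__main__":
    for name, sample in (("fixed", FIXED_PORTS),
                         ("sequential", SEQUENTIAL_PORTS),
                         ("random", RANDOM_PORTS)):
        print(name, assess_source_ports(sample))
```

The sequential sample is the instructive case: its entropy is as high as the random sample's because every port is distinct, yet the verdict is "sequential" and the effective guess space stays at 16 bits, which is why the check looks at ordering and not only at the entropy figure.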

I've committed a patch to MidnightBSD CURRENT tonight. Until I test it seriously, I'm not going to put it on stable branches. I've also updated all three bind ports with the latest patch level.

These patches are known to slow down bind. I don't think most MidnightBSD users run DNS servers, so it shouldn't be a big issue. Any ISP or larger DNS deployment should update their servers, though.

My patch does not include all the documentation updates.

1 comment

Comments

(no subject)

usermbsd
Thu, 10 Jul 2008 04:00:00 +0000

I should add that I haven't decided if this will go into 0.2 before the upcoming release. It might be on the RELENG_0_2 branch after release.