# djbdns security breach and patch



## ctaranotte (Mar 6, 2009)

Hello fellow djbdns happy users,

Dan Bernstein, the developer, acknowledged a security flaw in djbdns and posted a patch on the gmane.network.djbdns newsgroup.

Dan surely made good on his word and already mailed a $1,000 check to Matthew Dempsky, the lucky (and smart) happy user who pointed out this flaw here.

Edit: still no new version in ports so until further notice from the port maintainer, I recommend the following:

save the patch in a file named "patch-something", 
drop this file in /usr/ports/dns/djbdns/files, 
make, 
make deinstall
make reinstall
and run /user/local/etc/rc.d/svscan.sh restart.

Edit 2: a new version is in ports.


----------

