MidnightBSD Developer Journal

Most DNS software packages have a common design problem, they don't use random source ports. There is a great deal of coverage on this issue at isc.org as well as a CVE, etc.

I've committed a patch to MidnightBSD CURRENT tonight. Until I test it seriously, I'm not going to put it on stable branches. I've also updates all three bind ports with the latest patch level.

These patches are known to slow down bind. I don't think most midnightbsd users run DNS servers, so it shouldn't be a big issue. Any ISP or larger DNS deployment should update their servers though.

My patch does not include all the documentation updates.

Recently, I added pcc to midnightbsd. While testing mksh, the maintainer noticed that some symbols were missing. Linking libgcc with pcc worked as did libpcc (Mirports version).

Any programs compiled with pcc should link libpcc with them.