Message-ID: <4E9D4C16.90805@smash-net.org>
Date: Tue, 18 Oct 2011 11:51:18 +0200
From: Norman Rieß
To: gentoo-server@lists.gentoo.org
Subject: Re: AW: [gentoo-server] Wanted: Gentoo Enterprise Server success stories

On 10/18/11 09:37, Pandu Poluan wrote:
>> Every Xen VM is running its own kernel and needs to be restarted or
>> kexec'ed when this kernel is updated. If this is not the case, the VM is
>> vulnerable to kernel bugs just as any other physical system, even if the
>> host on which the VM is running is secure.
>> I assume BIND is updated and restarted as needed, but that is not enough.
>
> Does it matter if the DNS server is behind a firewall that allows only
> TCP+UDP traffic to port 53?
>
> Rgds,
>

Maybe, depending on the vulnerability.