[deployment-guide/comm-rel: 148/727] Corrections in the 8.6 section.

Jaromir Hradilek jhradile at fedoraproject.org
Tue Oct 19 12:36:43 UTC 2010


commit bb9e621a55f6791a087f809772343458b43efa64
Author: Adam Tkac <atkac at redhat.com>
Date:   Mon Jul 12 14:08:57 2010 +0200

    Corrections in the 8.6 section.

 en-US/The_BIND_DNS_Server.xml |    7 ++-----
 1 files changed, 2 insertions(+), 5 deletions(-)
---
diff --git a/en-US/The_BIND_DNS_Server.xml b/en-US/The_BIND_DNS_Server.xml
index b45aff8..fad6067 100644
--- a/en-US/The_BIND_DNS_Server.xml
+++ b/en-US/The_BIND_DNS_Server.xml
@@ -1825,11 +1825,8 @@ zone "1.0.10.in-addr.arpa" IN {
         <warning
           id="warning-Warning-Avoid_Using_Fixed_UDP_Source_Ports">
           <title>Warning: Avoid Using Fixed UDP Source Ports</title>
-          <para>Recent research in DNS security has shown that using a fixed UDP source port for DNS queries is a potential security vulnerability that could allow an attacker to more easily conduct cache-poisoning attacks. Due to this security threat, Red Hat issued a security update<footnote><para>The security update was <ulink
-                  url="https://rhn.redhat.com/errata/RHSA-2008-0533.html">RHSA-2008:0533</ulink>.</para>
-            </footnote> for all versions of Red Hat Enterprise Linux which updated the default sample caching-nameserver configuration files so that they do not specify a fixed query-source port, thus causing the BIND nameserver to use a new, randomly-selected source port for each DNS query by default. This method had previously only been used during <application>named</application> service startup.</para>
-          <para>DNS resolving is at risk whenever <application>named</application> is configured to use a static UDP source port. To avoid this risk, we recommend configuring your firewall to allow queries from a random UDP source port.</para>
-          <para>BIND administrators with existing configurations who wish to take advantage of randomized UDP source ports should check their configuration files to ensure that they have not specified fixed query-source ports.</para>
+          <para>Recent research in DNS security has shown that using a fixed UDP source port for DNS queries is a potential security vulnerability that could allow an attacker to more easily conduct cache-poisoning attacks</para>
+          <para>DNS resolving is at risk whenever <application>named</application> is configured to use a static UDP source port. To avoid this risk, configure your firewall to allow queries from a random UDP source port.</para>
         </warning>
           <!--<para>By default, BIND version 9 uses random ports above 1024 to query other nameservers. Some firewalls, however, expect all nameservers to communicate using only port 53. To force <command
               moreinfo="none">named</command> to use port 53, add the following
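
Review bot: the first added <para> ends without a full stop ("cache-poisoning attacks</para>"), and the hunk removes the paragraph that told administrators with existing configurations to check that they have not specified fixed query-source ports. That was the only step in the warning that addressed named's own configuration; what remains covers only the firewall, so a reader with a fixed query-source port already in their configuration file gets no prompt to look for it. Suggest restoring the period and keeping a shortened form of that sentence as a third <para>. The removed footnote was also the warning's only reference (RHSA-2008:0533), so "Recent research" now stands without a citation; consider keeping the link even if the product-specific wording has to go.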

