Update to 9.3.4-P1, which fixes the following:

The DNS query id generation is vulnerable to cryptographic
analysis which provides a 1 in 8 chance of guessing the next
query id for 50% of the query ids. This can be used to perform
cache poisoning by an attacker.

This bug only affects outgoing queries, generated by BIND 9 to
answer questions as a resolver, or when it is looking up data
for internal uses, such as when sending NOTIFYs to slave name
servers.

All users are encouraged to upgrade.

See also:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2926

dns/bind9/Makefile

@@ -12,7 +12,7 @@
 # release you can generally build it cleanly from the source - Doug
 
 PORTNAME=	bind9
-PORTVERSION=	9.3.4
+PORTVERSION=	9.3.4.1
 CATEGORIES=	dns net ipv6
 MASTER_SITES=	${MASTER_SITE_ISC} \
 		http://dougbarton.us/Downloads/%SUBDIR%/
@@ -25,7 +25,7 @@ MAINTAINER=	DougB@FreeBSD.org
 COMMENT=	Completely new version of the BIND DNS suite with updated DNSSEC
 
 # ISC releases things like 9.3.0rc1, which our versioning doesn't like
-ISCVERSION=	9.3.4
+ISCVERSION=	9.3.4-P1
 
 GNU_CONFIGURE=	yes
 CONFIGURE_ARGS=	--localstatedir=/var --disable-linux-caps \

dns/bind9/distinfo

@@ -1,6 +1,6 @@
-MD5 (bind-9.3.4.tar.gz) = df5417e7e7cf017fa28b65d0a3d6e999
-SHA256 (bind-9.3.4.tar.gz) = 40152026af715b15ac958f374394e5189a099b562eb913470ccc43f6fbd19c21
-SIZE (bind-9.3.4.tar.gz) = 5405022
-MD5 (bind-9.3.4.tar.gz.asc) = ee4dd1a52b6285627cd33f16cfbb194f
-SHA256 (bind-9.3.4.tar.gz.asc) = 33440701c93495c58cf0b696f19ea767f3d23d7f9e655e7bd41345438081b189
-SIZE (bind-9.3.4.tar.gz.asc) = 479
+MD5 (bind-9.3.4-P1.tar.gz) = 51007c8f185cd5a9b2e57f70073bf25b
+SHA256 (bind-9.3.4-P1.tar.gz) = f5cf38954e9b973cda204ff13cfd6d433ac307a8e5c4e7f6d978483becda842c
+SIZE (bind-9.3.4-P1.tar.gz) = 5411370
+MD5 (bind-9.3.4-P1.tar.gz.asc) = 70498463dd86541efab8bcf6349c7f4c
+SHA256 (bind-9.3.4-P1.tar.gz.asc) = aca659a7d70486617a8a74d64a96b259368075133a5788671b435fd69aa2df28
+SIZE (bind-9.3.4-P1.tar.gz.asc) = 478