NT vs. Unix DNS

Art art.mishurov at submitorder.com
Wed Apr 19 22:14:07 UTC 2000


Well, at least it is better than the following "workaround" (copied from
http://www.isc.org/products/BIND/bind-security-19991108.html):
##################################
Name: "nxt bug"
Versions affected:     8.2, 8.2 patchlevel 1, 8.2.1
Severity:     CRITICAL
Exploitable:     Remotely
Type:     Access possible

Description:
A bug in the processing of NXT records can theoretically allow an attacker
to gain access to the system running the DNS server at whatever privilege
level the DNS server runs at.

Workarounds:
None.

Active Exploits:
At this time, ISC is unaware of any active exploits of this vulnerability
however given the potential access this vulnerability represents, it is
probable scripts will be created in the near future that make use of this
vulnerability. [Since the original writing of this alert, such scripts have
indeed been created. FYI. - ISC Webmaster]
#################################

The bottom line is that every product has its own drawbacks. The thing with
open-source software is that you have the source code, but so do the
hackers. Of course, one can always argue that Microsoft creates bloated and
inefficient software.

- Art

Stephens, Bill <Bill.Stephens at fritolay.com> wrote in message
news:200004172224.SAA00270 at briar.org...
> Sure, the difference is simple.  With BIND DNS, you have the source
> code, you can keep your DNS up to date, it is "the standard".  Or, you can
> accept stuff like this as normal business (pay close attention to their
> standard "workaround"):
>
> WORKAROUND
> To avoid this problem, restart the server on a regular basis.
>
>




