Unsuitable for Forwarder use

Chris Richmond - MD6-FDC ~ crichmon at filc8046.fm.intel.com
Thu Apr 21 20:03:02 UTC 2005


In article <d48ime$1jki$1 at sf1.isc.org>,
 List Account <my.klist at gmail.com> writes:
>I saw this on isc.org and am trying to confirm whether the problems
>we've been seeing are related.
>
>========================
>If a name server -- any name server, whether BIND or otherwise -- is
>configured to use ``forwarders'', then none of the target forwarders
>can be running BIND4 or BIND8. Upgrade all name servers used as
>``forwarders'' to BIND9. There is a current, wide scale
>Kashpureff-style DNS cache corruption attack which depends on BIND4
>and BIND8 as ``forwarders'' targets.
>...
>========================

I can't answer this, but I've got an 8.4.6 server running on my
home router (Comcast customer).  I was forwarding to Comcast's
servers until a few days ago when they started messing around
with their network and killing me off.  I simply removed the
forward list and I haven't had an issue since.  I'm not
authoritative for anything public and don't respond on the
public interface (firewalled and in named.conf).

Chris

-- 
 Chris Richmond         | I don't speak for Intel & vice versa



More information about the bind-users mailing list