Updating BIND 8.2.7 for cache poisoning
Brad Knowles
brad at stop.mail-abuse.org
Tue Aug 9 02:05:11 UTC 2005
At 10:12 AM +0900 2005-08-09, John Kim wrote:

> I would like to know how weak BIND 8.2.7 is for cache poisoning.

All versions of BIND-8 are vulnerable to some forms of attack.
More recent versions are less vulnerable to the older methods, but
still vulnerable to the newer ones.

That's part of why BIND-9 was done as a ground-up rewrite, not
sharing a single line of code -- to avoid the potential security
implications.

> Which BIND version is not only safe for cache poisoning but also similar
> to BIND 8.2.7?

Well, BIND 8.4.6 is the most recent release of BIND-8, but even
that is likely to have any number of weaknesses which have not yet
been known to be exploited. All versions of BIND-8 will be
vulnerable to the "forwarders" attack, as mentioned at
<http://www.isc.org/sw/bind/bind8.php>.

You really should be upgrading to BIND-9. In fact, you should
have done it a long time ago. See the list of all publicly known
BIND vulnerabilities at
<http://www.isc.org/sw/bind/bind-security.php>.

--
Brad Knowles, <brad at stop.mail-abuse.org>
"Those who would give up essential Liberty, to purchase a little
temporary Safety, deserve neither Liberty nor Safety."
-- Benjamin Franklin (1706-1790), reply of the Pennsylvania
Assembly to the Governor, November 11, 1755
SAGE member since 1995. See <http://www.sage.org/> for more info.