Vulnerable DNS servers, RFC
Brad Knowles
brad at stop.mail-abuse.org
Mon Oct 24 21:08:02 UTC 2005
At 10:35 PM +0200 2005-10-24, Andy Pieters wrote:
> I got a newsflash from The Register regarding
> http://www.theregister.co.uk/2005/10/24/dns_security_survey/
>
> Having a little nameserver myself, would it be possible for someone to
> "pharm" it?
If you follow the instructions at the bottom of that page, you
should be okay.
> ip->dns is only allowed on LAN, whereas the same bind also serves a
> small zone on the WAN (to allow lookups for the vlaamse-kern.com domain)
If you mix both caching and recursive functions on the same
process/machine, you may be vulnerable.
> Is there a possibility of bind, which runs in its chroot jail, of being
> poisoned and returning different ips for the vlaamse-kern.com instead of the
> ones from the zone file?
Follow the instructions on that page, and you should be okay.
--
Brad Knowles, <brad at stop.mail-abuse.org>
"Those who would give up essential Liberty, to purchase a little
temporary Safety, deserve neither Liberty nor Safety."
-- Benjamin Franklin (1706-1790), reply of the Pennsylvania
Assembly to the Governor, November 11, 1755
SAGE member since 1995. See <http://www.sage.org/> for more info.