DNS Cache Snooping?

Adam Tkac atkac at redhat.com
Tue Jun 24 13:55:57 UTC 2008

On Tue, Jun 24, 2008 at 09:34:57AM -0400, Jeff Lightner wrote:
> Thanks.  I'd pretty much come to that conclusion based on my searches.
> I guess that means the link even though it is on ISC's site is
> incorrect.
> FYI:  
> Current RHEL5 bind-chroot (and other bind packages) version is
> 9.3.4-6.P1.el5.   It was updated within the last month.  It includes a
> fix for CVE-2008-0122.   I had installed a new server a week or so ago
> and got this in the yum update.   Yesterday I updated my other server to
> this version specifically because there was a scan hit on CVE-2008-0122.
> That scan was based on BIND version so would still peg this but the
> details at RHN confirm the fix was added by RedHat to the 9.3.4-6 P1.
> Does setting to max-cache-ttl instead to a low value help remediate the
> DNS cache snooping? 


did you try set "recursion no;" in your external view? I didn't test
it but it might help.


Adam Tkac, Red Hat, Inc.

More information about the bind-users mailing list