CVE-2012-1033 (Ghost domain names) mitigation
John Hascall
john at iastate.edu
Thu Feb 9 13:36:49 UTC 2012
> > Questions:
> > (1) It looks to me like if the ghost name is in our
> > DNS RPZ zone, then that 'fixes' the problem for
> > that name. Is this correct?
>
> Ghost domain could be redelegated to a new owner and become absolutely
> legal.
Caveat Emptor -- if you buy a former TDSS (or some other evil) domain,
that's just too bad.
> > (2) It also looks like restarting bind flushes the cache
> > and that prevents the repopulation of the local cache
> > with names which are ghosts (new different ghost names
> > could, of course, be created). Is this correct?
> AFAIK 'rndc flush' will do the same.
Thanks - we're doing a nightly restart for other reasons.
John
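A toy simulation of the resolver cache behaviour behind both questions, added here as an example; it is not part of the original thread and not BIND's code. The names, TTLs and server answers are constructed, and the `rpz` argument stands in for an RPZ zone that lists the ghost name.

```python
# Toy model of the CVE-2012-1033 "ghost domain" cache behaviour (constructed example).
# Names, TTLs and answers are made up; this is not how BIND is implemented.
TTL = 3600

def child_lookup(name):
    """The revoked domain's authoritative server is still running: it answers any
    name under its zone and repeats its own NS set (with a full TTL) in the
    authority section, as real servers do."""
    return {"A": "192.0.2.1", "NS": ["ns.ghost.example"], "ttl": TTL}

class Resolver:
    def __init__(self, parent, refresh_ns_from_child, rpz=()):
        self.parent = parent      # delegations the parent zone currently publishes
        self.cache = {}           # zone -> (ns_list, expiry time)
        self.refresh = refresh_ns_from_child   # True = vulnerable behaviour
        self.rpz = set(rpz)       # zones blocked by the local RPZ (question 1)

    def resolve(self, name, now):
        zone = name.split(".", 1)[1]          # "www.ghost.example" -> "ghost.example"
        if zone in self.rpz:
            return None                       # RPZ wins regardless of the cache
        ns, expiry = self.cache.get(zone, (None, 0))
        if ns is None or expiry <= now:       # no usable delegation cached
            ns = self.parent.get(zone)
            if ns is None:
                return None                   # NXDOMAIN: delegation was revoked
            self.cache[zone] = (ns, now + TTL)
        answer = child_lookup(name)
        if self.refresh:
            # Vulnerable: the child's authority-section NS overwrites the cached
            # delegation with a fresh TTL, so it never expires while being queried.
            self.cache[zone] = (answer["NS"], now + answer["ttl"])
        return answer["A"]

    def flush(self):
        """'rndc flush' or a restart (question 2): drop the whole cache."""
        self.cache.clear()

def run_scenario(refresh_ns_from_child, rpz=()):
    """Returns (still resolves after revocation, still resolves after flush)."""
    parent = {"ghost.example": ["ns.ghost.example"]}
    r = Resolver(parent, refresh_ns_from_child, rpz)
    r.resolve("www.ghost.example", now=0)     # delegation cached at t=0
    del parent["ghost.example"]               # registrar revokes the domain
    for t in range(1800, 7201, 1800):         # periodic queries for fresh subdomains
        r.resolve(f"sub{t}.ghost.example", now=t)
    still = r.resolve("www.ghost.example", now=2 * TTL + 1) is not None
    r.flush()
    after_flush = r.resolve("www.ghost.example", now=2 * TTL + 2) is not None
    return still, after_flush
```

`run_scenario(True)` shows the ghost surviving well past its TTL until the flush, `run_scenario(False)` shows a resolver that does not let the child refresh the delegation, and passing `rpz=("ghost.example",)` shows the RPZ entry blocking the name before the cache is ever consulted.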