CVE-2012-1033 (Ghost domain names) mitigation
cet1 at cam.ac.uk
Thu Feb 9 15:48:47 UTC 2012
On Feb 9 2012, Peter Andreev wrote:
>2012/2/9 John Hascall <john at iastate.edu>
>> (2) It also looks like restarting bind flushes the cache
>> and that prevents the repopulation of the local cache
>> with names which are ghosts (new different ghost names
>> could, of course, be created). Is this correct?
>AFAIK 'rndc flush' will do the same.
If you know the domain name in question, "rndc flushname ghost.example"
should be enough. (BIND 9.9 has "rndc flushtree" as well, but I think
clobbering the cached NS records for the ghost domain should be enough.)
Email: cet1 at cam.ac.uk
More information about the bind-users