CVE-2012-1033 (Ghost domain names) mitigation

Matus UHLAR - fantomas uhlar at
Mon Feb 13 10:17:09 UTC 2012

On 09.02.12 11:43, Lyle Giese wrote:
>This is just my opinion, but this is not a bug.  It's the side effect 
>of a desirable feature called caching.

It's a design flaw - you cache something forever, even if case you 
should not do it. The cache time is given and we should not expand it, 
for valid reasons.

>Yea, we can brainstorm how to mitigate the effect, but in order to 
>mitigate a problem, we have to know that there is a problem(revoked 
>or bad domain).

I think that the described draft seems to solve the problem.

Matus UHLAR - fantomas, uhlar at ;
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
M$ Win's are shit, do not use it !

More information about the bind-users mailing list