phoning home
Paul Vixie
vixie at isc.org
Sun Jun 12 18:40:55 UTC 2011
> Date: Sun, 12 Jun 2011 11:18:38 +0200
> From: Jan-Piet Mens <jpmens.dns at gmail.com>
>
> > Not sure how CLAMAV is finding out about newer versions.
>
> It is indeed a DNS query for a TXT record:
this is slightly tamer than what i'm going to propose for BIND. i want to
be able to send a specific message saying "CERT VU# xyz" if someone is running
a known-vulnerable version. DNSSEC now makes this practical. but it would
be an information leak, since the version number would be part of the QNAME.
More information about the bind-workers
mailing list