Bugtraq mailing list archives
bind security: fear, uncertainty, and doubts
From: vixie () VIX COM (Paul A Vixie)
Date: Mon, 28 Jul 1997 21:56:09 -0700
if you don't enable updates for a zone, or you enable them only from hosts within an intelligent (source routing prohibited, source addresses checked) firewall, bind is immune to the "bind_nuke" attack published here recently. updates aren't on by default, and according to rfc 2136 dns updates are not recommended except from "localhost" which is assumed to be secure. (though i wish that more system vendors would disallow source-address 127.0.0.1 from coming in off the network.)

for this reason we have not published a patch to bind-8.1.1. i expect that we will put bind-8.1.2 into beta testing in a few weeks. (note that we still won't have support for rfc 2137 or TSIG; if any system vendors would like to fund that effort, we'd love to work on it.)

mountain. molehill.
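An added example, not part of the original post and not BIND's own code: a small audit that reads BIND 8 style `named.conf` text and reports, per zone, any `allow-update` entries wider than the loopback source the post describes. The sample configuration, zone names and addresses are constructed, and the parser assumes flat address lists with no comments containing braces.

```python
import re

# Update sources the post treats as acceptable (RFC 2136 "localhost"), plus "none".
TRUSTED = {"127.0.0.1", "localhost", "none"}

# Constructed sample named.conf (BIND 8 syntax); names and addresses are made up.
SAMPLE_CONF = '''
options { directory "/var/named"; };
zone "static.example" { type master; file "static.db"; };
zone "local.example" {
    type master; file "local.db";
    allow-update { 127.0.0.1; };
};
zone "open.example" {
    type master; file "open.db";
    allow-update { 127.0.0.1; 192.0.2.0/24; any; };
};
'''

# Assumption: allow-update holds a flat address match list (no nested braces).
ZONE_RE = re.compile(r'zone\s+"([^"]+)"[^{;]*\{')
UPDATE_RE = re.compile(r'allow-update\s*\{([^{}]*)\}')


def zone_blocks(conf):
    """Yield (zone_name, body) for each zone statement, matching braces by depth."""
    for m in ZONE_RE.finditer(conf):
        depth, i = 1, m.end()
        while depth and i < len(conf):
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield m.group(1), conf[m.end():i - 1]


def audit(conf):
    """Map each zone to its allow-update entries that are not loopback-only.
    No allow-update statement means updates are off (the default): empty list."""
    report = {}
    for name, body in zone_blocks(conf):
        m = UPDATE_RE.search(body)
        entries = [e.strip() for e in m.group(1).split(";")] if m else []
        report[name] = [e for e in entries if e and e not in TRUSTED]
    return report


if __name__ == "__main__":
    for zone, risky in audit(SAMPLE_CONF).items():
        print(zone, "OK" if not risky else "updates accepted from: " + ", ".join(risky))
```

A zone that passes this check still depends on the network dropping inbound packets that claim source 127.0.0.1, which is the caveat the post itself raises.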