Firewall Wizards mailing list archives

RE: Does blocking TCP DNS packets keep your Bind safe?


From: "Philip J. Koenig" <pjklist () ekahuna com>
Date: Mon, 19 Mar 2001 11:08:18 -0800

From: "Loomis, Rip" <GILBERT.R.LOOMIS () saic com>
Subject: RE: [fw-wiz] Does blocking TCP DNS packets keep your Bind safe?
Date: Fri, 16 Mar 2001 23:20:55 -0500

[snippage]
 
BTW, many of djb's other writings about BIND
(specifically including your third URL) also contain
factual errors which would appear to indicate
that he is letting antagonism get in the way of
his considerable intellect.[1]  I can go into them
in detail if anyone cares, but please contact me
off list so I don't waste everyone's bandwidth.
The biggest one is that the TSIG/NXT BIND 8 bugs
are due to the programming methods used in BIND
9...when they're actually symptoms of the reason
why BIND 9 was a total re-write.


I have to say that it was also my impression when I first visited 
Dan's website that he has this "my way is the only way" kind of 
mentality which impacts his product's credibility in my eyes.

Also re: BIND vulnerabilities, let's not forget that they are also 
going to be afflicted with the "popularity handicap" which is to say, 
since there are probably 100x more servers out there in the world 
running BIND, the likelihood of seeing or finding bugs on the 
platform, and the level of interest for people to design exploits are 
both going to be way higher than for a relatively scarce product like 
djbdns.

None of that is to say that BIND hasn't had more than its share of 
exploitable bits, but just to put things into perspective a little.



Phil



--
Philip J. Koenig                                       pjklist () ekahuna com
Electric Kahuna Systems -- Computers & Communications for the New Millenium
