Firewall Wizards mailing list archives

RE: Does blocking TCP DNS packets keep your Bind safe?


From: brian.sommers () cnalife com
Date: Mon, 12 Mar 2001 10:01:26 -0600

From what I've read of DNSSEC
<http://www.oreilly.com/catalog/dns4/chapter/ch11.html> it will increase
DNS messages to a size that will require TCP for delivery.

Brian

-----Original Message-----
From: Ben Nagy [mailto:ben.nagy () marconi com au]
Sent: Sunday, March 11, 2001 4:57 PM
To: firewall-wizards () nfr net
Subject: RE: [fw-wiz] Does blocking TCP DNS packets keep your Bind safe?


So, in summary:

Why not avoid seeing how much we can screw with stuff before it breaks and
just work on not having BIND suck? We need TCP responses. If your DNS server
can't handle them securely, get a NEW one. 

Personally, not using BIND is my solution at the moment. 

(Maybe the IETF's DNSSec stuff will make it aaaaaaalllll better?)

Cheers,

--
Ben Nagy
Network Security Specialist
Marconi Services Australia Pty Ltd
Mb: +61 414 411 520  PGP Key ID: 0x1A86E304

-----Original Message-----
From: John Adams [mailto:jna () retina net]
Sent: Saturday, 10 March 2001 12:52 
To: Don Kendrick
Cc: firewall-wizards () nfr net
Subject: Re: [fw-wiz] Does blocking TCP DNS packets keep your Bind safe?
[lots of stuff]
_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://www.nfr.com/mailman/listinfo/firewall-wizards
