nanog mailing list archives

Re: large organization nameservers sending icmp packets to dns servers.


From: Mark Andrews <Mark_Andrews () isc org>
Date: Sat, 11 Aug 2007 09:57:02 +1000



On 8/9/2007 at 10:07 PM, Mark Andrews <Mark_Andrews () isc org> wrote:

In article <200708100143.l7A1hNSY034263 () drugs dv isc org> you write:

   I suspect that the origin of the myth that DNS/TCP is more
   dangerous than DNS/UDP is that the first root exploit of
   named was over TCP not UDP.  There were later exploits that
   were UDP only which totally busted the myth but it continues
   to live.

   Mark

    Just to make it clear.  This was BIND 4/8 code and the bugs
    were addressed in the last millennium.

    To date there are no known root exploits for BIND 9.

Because who runs BIND as root anymore?

        Lots of people.  It's the only way you can handle some
        events.

        Mark
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews () isc org

