Jul
27
Dan Kaminski discovered flaw in foundations of internet – DNS servers. Even he kept silence about the details exploit was published on internet. So if you want to be safe visit his blog to check your DNS servers.
Without them everyone should maintain their own hosts name linking IP address and FQDN (fully qualified domain name such as “blog.hbcom.info” or “www.google.com”). For more information about DNS system check here.
There is a lot of discussions on internet. Just a sample of them:
Recovered for Internet Archive Link: http://blogs.zdnet.com/security/?p=1546
(Thank you Rachel for the tip.)
http://rdist.root.org/2008/07/21/dns-novice-discovers-secret-flaw/
and many more…
For me is unclear how this flaw affects the users behind caching only server. My understanding is that for cache to be poisoned it should accept the request first. So it could be done only from insiders. So majority of users are not affected. And the flaw affects more ISP’s and other similar setups.
Also we (users) should have more explanations since it seems that all patches only randomize the source port of the request. If this is the solution there is no need to apply patch just change the configuration to randomize he ports.
Note: This is serious flaw and nothing could guaranteed.
[…] News » News News DNS bug2008-07-27 11:19:33- DNS servers. Even he kept silence about the details exploit was published on […]