Michael Bevilacqua on 5 Mar 2009 13:48:59 -0800

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] IT: Dan Bernstein Confirms Security Flaw In Djbdns

On Thu, Mar 5, 2009 at 4:07 PM, JP Vossen <jp@jpsdomain.org> wrote:

[1] http://securityandthe.net/2009/03/05/security-issue-in-djbdns-confirmed/
[2] http://en.wikipedia.org/wiki/DNS_cache_poisoning
[3] http://www.your.org/dnscache/djbdns.pdf
[4] http://marc.info/?l=djbdns&m=123554945710038
[5] http://twitter.com/dakami/status/1260880457

Also:  http://article.gmane.org/gmane.network.djbdns/13864

Note that, with my presentations on DJBDNS, I have never suggested anyone use AXFRDNS for this very possibility (and it is noted in DJB's documentation as well). But wow, what an amazing find huh? That's some good security hacking.


Michael D. Bevilacqua
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug