[dns-operations] Clueless Major Backbone Provider

Jon Kibler Jon.Kibler at aset.com
Tue Jul 22 18:59:55 UTC 2008

I have an 'interesting' situation. I have a client that is dependent
upon a major backbone provider for their recursive DNS services.
However, this provider appears to be next to clueless. They have put out
a notice to their customers which I will now quote in part -- with
vendor identification information deleted:

"On July 8, 2008, US-CERT issued a Technical Cyber Security Alert
TA08-190B with the title 'Multiple DNS implementations vulnerable to
cache poisoning.' ...

The DNS community has been aware of this vulnerability for some time.
CERT technical bulletin http://www.kb.cert.org/vuls/id/252735 issued in
July, 2007, identified this vulnerability but at the time no patches
were available from vendors.

[VENDOR] does not disclose the name of its DNS vendors as a security
measure but has implemented a preliminary patch that was available in
January, 2008. The latest patch for alert TA08-190B is currently being
tested ...

... the majority of [VENDOR]'s caching DNS infrastructures have load
balancers.  Load balancers decrease the risk significantly because
hackers are unable to target specific DNS servers."

   1) How would you address the claims that this vulnerability is the
same as the one from a year ago? (2nd paragraph)

   2) Does the use of load balancers decrease the risk as claimed?
(paragraph 4)

   Note in paragraph 3 the vendor says it does not disclose which name
servers it uses, but in paragraph 2 gives a link that references
BIND name servers.

TIA for answers to questions.

Jon Kibler
Jon R. Kibler
Chief Technical Officer
Advanced Systems Engineering Technology, Inc.
Charleston, SC  USA
o: 843-849-8214
c: 843-224-2494
s: 843-564-4224

My PGP Fingerprint is:
BAA2 1F2C 5543 5D25 4636 A392 515C 5045 CF39 4253

