[dns-operations] Client Side Issues

Jon Kibler Jon.Kibler at aset.com
Fri Jul 25 14:45:54 UTC 2008

Hash: SHA1


Okay, we have been flogging DNS *SERVER* issues to death for the last
couple of weeks. Now, I would like to switch sides and talk about client
side issues.

By default, all windows systems run a service call DNS Client. It is my
understanding that this is a caching resolver. Is this vulnerable? Has
Microsoft patched it? (I have never seen a need for this service, so for
a couple of years now, I have been advising my clients to disable this
service via a group policy.)

I have never really spent any time looking at the BIND light weight
resolver. Is is similar to the Windows DNS Client software? Are there
vulnerability issues with it?

I guess these questions really should be more general: What are the
client side issues to with this vulnerability, what should be done about
them, and are all the client side resolvers patched? ETCETERA.

Jon Kibler
- --
Jon R. Kibler
Chief Technical Officer
Advanced Systems Engineering Technology, Inc.
Charleston, SC  USA
o: 843-849-8214
c: 843-224-2494
s: 843-564-4224

My PGP Fingerprint is:
BAA2 1F2C 5543 5D25 4636 A392 515C 5045 CF39 4253

Version: GnuPG v1.4.8 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org


Filtered by: TRUSTEM.COM's Email Filtering Service
No Spam. No Viruses. Just Good Clean Email.

More information about the dns-operations mailing list