[dns-operations] BIND Security Advisory
Doug Barton
dougb at dougbarton.us
Tue Jul 28 23:36:27 UTC 2009

Tom Daly wrote:
>> A purely cache only server should not be affected. Being auth for
>> a single zone would make you be vulnerable.
>
> Some quick and dirty research/testing on our side indicates that
> being an authoritative slave doesn't make you vulnerable either, it
> is only if you are authoritative master, i.e.:
>
> zone blat.com { type master; ... };

Our (FreeBSD) testing indicates the same.

> Then again, if you choose to be RFC1912 compliant, you probably
> made yourself vulnerable.

Unfortunately for this issue I added 1912 plus a bunch of other
default zones to our default resolver config, so if you use our stuff
out of the box you are vulnerable.

Doug
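
An added example, not part of the original message: a small audit that lists every zone a named.conf declares as `type master`, which is the condition the thread identifies, including default RFC 1912 local zones on a resolver. The function names and the sample configuration are constructed for illustration; `primary` is matched as well because current BIND accepts it as a synonym for `master`.

```python
import re

# Constructed sample config: a resolver with RFC 1912 style local zones,
# one slave zone, and the master zone quoted in the thread.
SAMPLE = '''
options { recursion yes; };   // resolver with default zones
zone "." { type hint; file "named.root"; };
/* RFC 1912 style local zones */
zone "localhost" IN { type master; file "localhost.db"; };
zone "127.in-addr.arpa" { type master; file "loopback.db"; };
# zone "commented.example" { type master; };
zone "example.org" { type slave; masters { 192.0.2.1; }; file "example.org.db"; };
zone blat.com { type master; file "blat.com.db"; };
'''

def strip_comments(text):
    """Remove /* */, // and # comments while leaving quoted strings intact."""
    pattern = re.compile(r'"(?:\\.|[^"\\])*"|/\*.*?\*/|//[^\n]*|#[^\n]*', re.S)
    return pattern.sub(
        lambda m: m.group(0) if m.group(0).startswith('"') else " ", text)

def zone_blocks(text):
    """Yield (zone_name, body) for every zone statement, also inside views."""
    text = strip_comments(text)
    # zone <name> [class] {  -- the name may be quoted or bare
    for m in re.finditer(r'\bzone\s+("([^"]*)"|[^\s{;]+)(?:\s+\w+)?\s*\{', text):
        name = m.group(2) if m.group(2) is not None else m.group(1)
        depth, i = 1, m.end()
        # Walk to the matching close brace so nested blocks such as
        # "masters { ... };" stay inside the zone body.
        while i < len(text) and depth:
            depth += {"{": 1, "}": -1}.get(text[i], 0)
            i += 1
        yield name, text[m.end():i - 1]

def master_zones(text):
    """Return names of zones declared 'type master' (or 'type primary')."""
    return [name for name, body in zone_blocks(text)
            if re.search(r'\btype\s+(?:master|primary)\s*;', body)]

if __name__ == "__main__":
    for zone in master_zones(SAMPLE):
        print("authoritative master for:", zone)
```

Zones pulled in through `include` statements are not followed; run the check over each included file as well.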