[dns-operations] CVE 2015-8000 actively exploited yesterday

Matthew Ghali mghali at snark.net
Thu Dec 17 01:42:42 UTC 2015


Every Ops team has their favorite way to monitor processes/services. This is a separate facility than the name server daemon, and should be distributed separately. Trying to jam them together will never make more than 3% of the audience happy, yet annoy another 66%.

matto


> On Dec 16, 2015, at 3:50 PM, Nick Urbanik <nick.urbanik at optusnet.com.au> wrote:
> 
> BIND really needs to have a better strategy to dealing with unexpected
> input other than by dying.  Perhaps the assumption is that everyone is
> using some kind of script that checks it's running, and if not,
> restarts it.  If that is the case, that should be explicitly stated,
> and made policy for packagers, such as Red Hat.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4103 bytes
Desc: not available
URL: <http://lists.dns-oarc.net/pipermail/dns-operations/attachments/20151216/9fc39f6c/attachment.bin>


More information about the dns-operations mailing list