North American Network Operators Group|
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical
Re: DNS Headaches.
On Sat, 15 Aug 1998, David R. Conrad wrote: > Hi, > > >Oh, and make everyone upgrade their version of BIND. Unfortunately, far > >too many people refuse even when they know their whole world can be messed > >up by a broken nameserver or two unless they upgrade. > > Yeah. What he said. Upgrade. Please. > > See http://www.cert.org/advisories/CA-98.05.bind_problems.html for a few > good reasons. To summarize for lazy people (since others would have upgraded already...): your DNS is vulnerable to manipulation (both on purpose and by accident; this is _NOT_ some rare thing, but happens more and more), the machine you run BIND on is vulnerable to root compromises, your job is vulnerable. While we are on the topic, are there any known cache pollution problems with 4.9.7 that are fixed in 8.x? I had thought that those problems were fixed in 4.9.7 but I keep think I seeing other people's 4.9.7 machines vulnerable to them.