North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: large organization nameservers sending icmp packets to dns servers.

  • From: Mark Andrews
  • Date: Fri Aug 10 01:08:29 2007

In article <[email protected]> you write:
>
>	I suspect that the origin of the myth that DNS/TCP is more
>	dangerous than DNS/UDP is that the first root expliot of
>	named was over TCP not UDP.  There were later exploits that
>	were UDP only which totally busted the myth but it continues
>	to live.
>
>	Mark

	Just to make it clear.  This was BIND 4/8 code and the bugs
	were addressed in the last millennia.

	To date there are no known root exploits for BIND 9.

	Mark