[LINK] DNS security
Roger Clarke
Roger.Clarke at xamax.com.au
Thu Jul 31 07:36:42 AEST 2008
At 14:11 +0000 30/7/08, stephen at melbpc.org.au wrote:
>The NYTimes today .. does Link agree?
>".. use the domain name servers of .. OpenDNS (www.opendns.com)"
'Ask your ISP what they've done about it' seems to be the Link
Institute's rather more constructive recommendation, right?
http://www.auscert.org.au/9546 of 8 July 2008 was the initial announcement?
http://www.auscert.org.au/render.html?it=9611 of 22 July reports the leak.
But there are lots of more specific reports:
http://www.auscert.org.au/search.html?search=search&search_type=reference&search_length=-1&search_keywords=AL-2008.0080
"For further information, see:"
http://www.kb.cert.org/vuls/id/800113
http://www.isc.org/sw/bind/forgery-resilience.php
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1447
http://www.isc.org/sw/bind/docs/FAQ-about-random-query-issue.php
Generally, updated versions of BIND and BIND-derived software appear
to have been tumbling out at a rapid rate during the last month.
--
Roger Clarke http://www.anu.edu.au/people/Roger.Clarke/
Xamax Consultancy Pty Ltd 78 Sidaway St, Chapman ACT 2611 AUSTRALIA
Tel: +61 2 6288 1472, and 6288 6916
mailto:Roger.Clarke at xamax.com.au http://www.xamax.com.au/
Visiting Professor in Info Science & Eng Australian National University
Visiting Professor in the eCommerce Program University of Hong Kong
Visiting Professor in the Cyberspace Law & Policy Centre Uni of NSW
More information about the Link
mailing list