[LINK] DNS security

Roger Clarke Roger.Clarke at xamax.com.au
Thu Jul 31 07:36:42 AEST 2008


At 14:11 +0000 30/7/08, stephen at melbpc.org.au wrote:
>The NYTimes today .. does Link agree?
>".. use the domain name servers of .. OpenDNS (www.opendns.com)"

'Ask your ISP what they've done about it' seems to be the Link 
Institute's rather more constructive recommendation, right?


http://www.auscert.org.au/9546 of 8 July 2008 was the initial announcement?

http://www.auscert.org.au/render.html?it=9611 of 22 July reports the leak.

But there are lots of more specific reports:
http://www.auscert.org.au/search.html?search=search&search_type=reference&search_length=-1&search_keywords=AL-2008.0080

"For further information, see:"
http://www.kb.cert.org/vuls/id/800113
http://www.isc.org/sw/bind/forgery-resilience.php
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1447
http://www.isc.org/sw/bind/docs/FAQ-about-random-query-issue.php

Generally, updated versions of BIND and BIND-derived software appear 
to have been tumbling out at a rapid rate during the last month.


-- 
Roger Clarke                  http://www.anu.edu.au/people/Roger.Clarke/
			            
Xamax Consultancy Pty Ltd      78 Sidaway St, Chapman ACT 2611 AUSTRALIA
                    Tel: +61 2 6288 1472, and 6288 6916
mailto:Roger.Clarke at xamax.com.au                http://www.xamax.com.au/

Visiting Professor in Info Science & Eng  Australian National University
Visiting Professor in the eCommerce Program      University of Hong Kong
Visiting Professor in the Cyberspace Law & Policy Centre      Uni of NSW



More information about the Link mailing list