Multiple DNS implementations vulnerable to cache poisoning

popowich

EQ Forum Admin
Staff member
Hello,

Are you aware of the recent security updates needed for the bind package?

The Domain Name System (DNS) is responsible for translating host names to IP addresses (and vice versa) and is critical for the normal operation of internet-connected systems. DNS cache poisoning (sometimes referred to as cache pollution) is an attack technique that allows an attacker to introduce forged DNS information into the cache of a caching nameserver. DNS cache poisoning is not a new concept; in fact, there are published articles that describe a number of inherent deficiencies in the DNS protocol and defects in common DNS implementations that facilitate DNS cache poisoning.
Are your DNS resolvers up to date? More information can be found here.

The upgrades themselves are easy enough, but I had some slight trouble with a few servers at work due to the firewall requirements needed for allowing the new ports needed.

-Raymond
 

yukon

Valued Member
Very interesting . . . Yes, I was aware of it. Contrary to my and the other engineer's preference we don't run our own DNS here, in fact we manage well over 100 servers (consisting of RH, w2k3, and Solaris) via host files. It's been a thorn in my side since I started here last Feb, and it's on my "if we ever get up with projects, stuff I'd like to do list."

That's interesting about the FW, I had no idea any new ports were required . . . I'll have to look into it in greater detail, thanks for the heads up.
 

popowich

EQ Forum Admin
Staff member
The firewalling that was in place in many markets could not be configured to correctly allow the more secure random source ports config. I had been using a static source port. Unfortunately the devices providing the firewalling were not firewall devices. Once I got the problem servers upgraded and put up some server side firewalls that could do the firewalling correctly I was all set. For me not all of my servers are physically where I am so it's a little bit of a pain in the butt to do OS upgrades and such.

-Raymond
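
The static versus random source port setting discussed above, as an added example that is not part of the original posts: a Python check that flags BIND `query-source` directives pinned to a fixed port and summarises the source ports seen on outbound queries. The configuration fragments and port samples are constructed, and the function names are hypothetical.

```python
import re

# Constructed named.conf fragments for illustration (not from the thread).
PINNED_CONF = """
options {
    directory "/var/named";
    // pinned so a packet filter only has to allow one port
    query-source address * port 53;
    query-source-v6 address * port 53;
};
"""
RANDOM_CONF = """
options {
    directory "/var/named";
    query-source address *;  # no fixed port: source port is chosen per query
};
"""

# Simplified comment stripping; assumes no '#' or '//' inside quoted strings.
_COMMENTS = re.compile(r"/\*.*?\*/|//[^\n]*|#[^\n]*", re.S)
_QUERY_SOURCE = re.compile(r"\b(query-source(?:-v6)?)\b([^;]*);", re.I)
_PORT = re.compile(r"\bport\s+(\*|\d+)", re.I)

def pinned_query_ports(conf_text):
    """Return [(directive, port)] for each query-source fixed to one port."""
    findings = []
    for directive, args in _QUERY_SOURCE.findall(_COMMENTS.sub("", conf_text)):
        port = _PORT.search(args)
        if port and port.group(1) != "*":  # 'port *' means "pick any port"
            findings.append((directive.lower(), int(port.group(1))))
    return findings

def source_port_summary(observed_ports):
    """Summarise source ports seen on outbound queries (e.g. from a capture)."""
    if not observed_ports:
        raise ValueError("no observed ports")
    distinct = len(set(observed_ports))
    return {"distinct": distinct,
            "span": max(observed_ports) - min(observed_ports),
            "static": distinct == 1}

if __name__ == "__main__":
    for name, conf in (("pinned", PINNED_CONF), ("random", RANDOM_CONF)):
        print(name, pinned_query_ports(conf) or "no fixed query-source port")
    # Constructed samples: ports seen before and after the change.
    print(source_port_summary([53, 53, 53, 53]))
    print(source_port_summary([40212, 1893, 61007, 27455]))
```

A resolver whose configuration passes the first check can still show `"static": True` in the second if something on the path rewrites the source port, so both checks are worth running after an upgrade.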
 
