The DNS Drama

Dan’s Seattle Toorcon 0day keeps going and going and going and going.

If you’re looking for details, the details that were leaked, confirmed, retracted, and denied, here’s a description and a mirror.

So if you run your own DNS, upgrade already as you should have some time ago when you were first told to do so.

Perhaps I will switch to OpenDNS after all. In fact, I should have done this a while ago on most of the nets I deal with routinely.

The commentary in this posting is rather interesting as well. If you don’t trust OpenDNS, and I can’t say that I blame you, a comment poses a worthy option:

  1. I run a local dns server that randomizes source ports whose network facing NAT does not derandomize source ports.
  2. My local server resolves through the root servers. The queries are sent to a random root.
  3. I limit my dns server to strictly use TCP queries and not to use UDP for queries.
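The first point of that comment (source-port randomization that survives the NAT) is the one most worth verifying rather than assuming. The following check, added here as an example and not part of the original post or its comments, takes the source port and transaction ID of each outbound query as observed on the resolver's upstream side (for instance pulled from a packet capture) and reports whether the ports look fixed, counter-like, or properly spread; the three sample sets are constructed in the code so it runs offline.

```python
# Added example (not from the original post): a defender-side check that the
# source ports and transaction IDs of a resolver's outbound DNS queries vary
# enough to resist blind reply spoofing. Input is a list of (source_port,
# transaction_id) pairs in send order, as you would extract from a capture of
# the resolver's upstream UDP/53 traffic; the samples below are constructed.
import math
import random
from collections import Counter


def shannon_entropy_bits(values):
    """Empirical Shannon entropy (bits) of a sequence of integers."""
    n = len(values)
    if n == 0:
        return 0.0
    counts = Counter(values)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def looks_sequential(values, tolerance=0.9):
    """True if nearly every step is +1 (mod 2^16): a counter, not a PRNG."""
    if len(values) < 2:
        return False
    steps = sum(1 for a, b in zip(values, values[1:]) if (b - a) % 65536 == 1)
    return steps / (len(values) - 1) >= tolerance


def assess_randomization(samples):
    """Summarise how much guessing work an off-path attacker would face.

    samples: iterable of (source_port, transaction_id) pairs in send order.
    """
    ports = [p for p, _ in samples]
    txids = [t for _, t in samples]
    report = {
        "queries": len(ports),
        "distinct_ports": len(set(ports)),
        "distinct_txids": len(set(txids)),
        "port_entropy_bits": round(shannon_entropy_bits(ports), 2),
        "txid_entropy_bits": round(shannon_entropy_bits(txids), 2),
        "ports_sequential": looks_sequential(ports),
        "txids_sequential": looks_sequential(txids),
    }
    # A fixed or counter-like source port collapses the search space to the
    # 16-bit transaction ID alone; that is exactly the weakness a NAT that
    # rewrites ports sequentially reintroduces behind a patched resolver.
    report["port_randomization_ok"] = (
        report["distinct_ports"] > 0.5 * len(ports)
        and not report["ports_sequential"]
    )
    return report


# Constructed sample data, seeded so the results are reproducible.
_rng = random.Random(2008)
# Resolver pinned to port 53 for every query (the pre-patch behaviour).
FIXED_PORT_SAMPLES = [(53, _rng.randrange(65536)) for _ in range(64)]
# Resolver randomizes, but a NAT in front of it hands out ports in order.
NAT_REWRITTEN_SAMPLES = [(1024 + i, _rng.randrange(65536)) for i in range(64)]
# Ports drawn from the ephemeral range and left alone by the NAT.
RANDOMIZED_SAMPLES = [
    (_rng.randrange(49152, 65536), _rng.randrange(65536)) for _ in range(64)
]


if __name__ == "__main__":
    for name, samples in (
        ("fixed port", FIXED_PORT_SAMPLES),
        ("NAT-rewritten", NAT_REWRITTEN_SAMPLES),
        ("randomized", RANDOMIZED_SAMPLES),
    ):
        print(name, assess_randomization(samples))
```

The entropy figures are an upper bound on what 64 samples can show, so treat the distinct-port count and the sequential flag as the actionable signals: if either fails on traffic captured outside the NAT, the local resolver's own randomization is not reaching the wire.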

Update:

Metasploit code now jupes entire domains.
