Dan’s Seattle Toorcon 0day keeps going and going and going and going.
If you’re looking for details, the details that were leaked, confirmed, retracted, and denied, here’s a description and a mirror.
So if you run your own DNS, upgrade already, as you should have some time ago when you were first told to do so.
Perhaps I will switch to OpenDNS after all. In fact, I should have done this a while ago on most of the nets I deal with routinely.
The commentary in this posting is rather interesting as well. If you don’t trust OpenDNS, and I can’t say that I blame you, a comment poses a worthy option:
- I run a local DNS server that randomizes source ports whose network-facing NAT does not derandomize source ports.
- My local server resolves through the root servers. The queries are sent to a random root.
- I limit my DNS server to strictly use TCP queries and not to use UDP for queries.
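
The first point in that comment can be checked by capturing the resolver's outgoing queries on the Internet-facing side of the NAT and looking at the source ports that actually leave the network. The following is an added example, not code from this post or from the quoted comment; the function name, thresholds and sample port lists are constructed assumptions.

```python
import statistics

def assess_source_ports(ports, min_samples=10):
    """Rate how predictable a resolver's UDP source ports look from outside.

    ports: source ports of consecutive outgoing queries, in capture order,
    taken on the Internet-facing side of any NAT device.
    Thresholds below are illustrative assumptions, not taken from any tool.
    """
    if len(ports) < min_samples:
        raise ValueError("need at least %d samples" % min_samples)
    # Forward distance between consecutive ports, wrapping at 16 bits.
    deltas = [(b - a) % 65536 for a, b in zip(ports, ports[1:])]
    # Share of queries whose port is a small forward step from the previous
    # one: the signature of a NAT handing out ports sequentially.
    small_steps = sum(1 for d in deltas if d <= 16) / len(deltas)
    spread = statistics.pstdev(ports)
    unique = len(set(ports))
    if unique == 1:
        verdict = "fixed"        # every query leaves from the same port
    elif small_steps >= 0.8:
        verdict = "sequential"   # randomization undone by the NAT
    elif spread < 3000 or unique < len(ports) // 2:
        verdict = "narrow"       # ports vary, but within a small pool
    else:
        verdict = "randomized"
    return {"unique": unique, "stdev": round(spread, 1),
            "small_steps": round(small_steps, 2), "verdict": verdict}

# Constructed samples: the same resolver seen before and after a NAT that
# rewrites source ports to an incrementing counter, plus a fixed-port case.
SAMPLE_RESOLVER_SIDE = [41873, 10532, 58011, 23394, 49120, 3077,
                        61245, 17760, 35518, 52906, 8841, 29463]
SAMPLE_AFTER_NAT = [1024 + i for i in range(12)]
SAMPLE_FIXED = [53] * 12

if __name__ == "__main__":
    for name, sample in [("resolver side", SAMPLE_RESOLVER_SIDE),
                         ("after NAT", SAMPLE_AFTER_NAT),
                         ("fixed port", SAMPLE_FIXED)]:
        print(name, assess_source_ports(sample))
```

A "randomized" verdict on the resolver side together with "sequential" or "fixed" after the NAT means the NAT is derandomizing the ports, which is the case the commenter rules out.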
Update:
Metasploit code now jupes entire domains.
Great reading your post