The DNS Drama

Dan’s Seattle Toorcon 0day keeps going and going and going and going.

If you’re looking for the details (the ones that were leaked, confirmed, retracted, and denied), here’s a description and a mirror.

So if you run your own DNS, upgrade already, as you should have some time ago when you were first told to.

Perhaps I will switch to OpenDNS after all. In fact, I should have done this a while ago on most of the nets I deal with routinely.

The commentary in this posting is rather interesting as well. If you don’t trust OpenDNS, and I can’t say that I blame you, a comment proposes a worthy option:

  1. I run a local DNS server that randomizes source ports whose network-facing NAT does not derandomize source ports.
  2. My local server resolves through the root servers. The queries are sent to a random root.
  3. I limit my DNS server to strictly use TCP queries and not to use UDP for queries.
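The first point of that comment (a resolver that randomizes its source port) is also what the vendor patches you are told to install above actually add, so it is worth seeing what the resolver checks before it caches a reply and why the port matters. The example below is added here; it is not code from this post, its commenter, or any resolver. It builds a minimal DNS query, applies the three acceptance checks a resolver must make (transaction ID, destination port, echoed question section), and computes how much larger the space an off-path forger has to guess becomes once the port is random instead of fixed. The domain name, transaction IDs and port numbers are constructed values.

```python
"""Why source-port randomization matters for a caching DNS resolver.

Added example, not from the original post. Builds a minimal DNS query,
shows the checks a resolver applies before accepting a response, and
quantifies the guess space with and without a random source port.
"""
import random
import struct

QTYPE_A = 1
QCLASS_IN = 1


def encode_name(name: str) -> bytes:
    """Encode 'www.example.com' as DNS labels: \\x03www\\x07example\\x03com\\x00."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError("bad label length")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_query(name: str, txid: int, qtype: int = QTYPE_A) -> bytes:
    """Standard recursive query: 12-byte header plus one question."""
    flags = 0x0100  # RD set, everything else zero
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, QCLASS_IN)


def parse_header(pkt: bytes):
    """Return (txid, flags, qdcount) from the 12-byte header."""
    if len(pkt) < 12:
        raise ValueError("truncated DNS header")
    txid, flags, qd, _an, _ns, _ar = struct.unpack("!HHHHHH", pkt[:12])
    return txid, flags, qd


def question_section(pkt: bytes) -> bytes:
    """Raw bytes of the first question: name, type and class."""
    pos = 12
    while True:
        length = pkt[pos]
        if length == 0:
            pos += 1
            break
        if length >= 0xC0:  # a compression pointer cannot echo the name we sent
            raise ValueError("compressed name in question")
        pos += 1 + length
    return pkt[12:pos + 4]


def response_is_acceptable(query, query_src_port, response, response_dst_port):
    """Checks a resolver makes before caching a reply: it must be a response,
    arrive on the port the query left from, carry the same transaction ID,
    and echo the question unchanged. Returns (ok, reason)."""
    try:
        q_txid, _, _ = parse_header(query)
        r_txid, r_flags, r_qd = parse_header(response)
        if r_flags & 0x8000 == 0:
            return False, "QR bit not set: not a response"
        if response_dst_port != query_src_port:
            return False, "port mismatch"
        if r_txid != q_txid:
            return False, "transaction ID mismatch"
        if r_qd != 1 or question_section(response) != question_section(query):
            return False, "question section does not match the query"
    except (ValueError, IndexError):
        return False, "malformed packet"
    return True, "accepted"


def guess_space(port_randomized: bool, usable_ports: int = 64512) -> int:
    """Values an off-path forger must hit blind: the 16-bit TXID alone, or
    the TXID combined with an ephemeral port (1024-65535 gives 64512)."""
    return 2 ** 16 * (usable_ports if port_randomized else 1)


def forgery_success_probability(forged_packets: int, space: int) -> float:
    """P(at least one of n independent uniform guesses matches)."""
    return 1.0 - (1.0 - 1.0 / space) ** forged_packets


def demo():
    """Issue a query with a random TXID and port, then show which replies pass."""
    rng = random.SystemRandom()  # a patched resolver draws both from a CSPRNG
    txid, port = rng.randrange(2 ** 16), rng.randrange(1024, 65536)
    query = build_query("www.example.com", txid)  # constructed name
    # The legitimate reply echoes the header/question with the QR bit set.
    good = struct.pack("!HH", txid, 0x8180) + query[4:]
    wrong_id = struct.pack("!HH", (txid + 1) % 2 ** 16, 0x8180) + query[4:]
    print("genuine reply:", response_is_acceptable(query, port, good, port))
    print("wrong TXID:   ", response_is_acceptable(query, port, wrong_id, port))
    print("wrong port:   ", response_is_acceptable(query, port, good, 53))
    for randomized in (False, True):
        space = guess_space(randomized)
        print(f"port randomized={randomized}: space={space}, "
              f"P(hit with 65536 forgeries)={forgery_success_probability(65536, space):.4f}")


if __name__ == "__main__":
    demo()
```

With a fixed source port a forger who sends one packet per possible transaction ID already has roughly a 63% chance of landing one match; with the port randomized the same 65536 packets give well under one chance in ten thousand, which is the whole effect of the patch. The comment's third point (TCP only) goes further still: a TCP reply must also carry the right 32-bit sequence number, which an off-path sender cannot see.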

Update:

Metasploit code now jupes entire domains.
