marcs at znep.com
Sat Aug 15 06:44:25 UTC 1998
On Sat, 15 Aug 1998, David R. Conrad wrote:
> >Oh, and make everyone upgrade their version of BIND. Unfortunately, far
> >too many people refuse even when they know their whole world can be messed
> >up by a broken nameserver or two unless they upgrade.
> Yeah. What he said. Upgrade. Please.
> See http://www.cert.org/advisories/CA-98.05.bind_problems.html for a few
> good reasons.
To summarize for lazy people (since others would have upgraded
already...): your DNS is vulnerable to manipulation (both on purpose and
by accident; this is _NOT_ some rare thing, but happens more and more),
the machine you run BIND on is vulnerable to root compromises, your job is
While we are on the topic, are there any known cache pollution problems
with 4.9.7 that are fixed in 8.x?
I had thought that those problems were fixed in 4.9.7 but I keep think I
seeing other people's 4.9.7 machines vulnerable to them.
More information about the NANOG