large organization nameservers sending icmp packets to dns servers.
Mark Andrews
Mark_Andrews at isc.org
Fri Aug 10 05:07:32 UTC 2007
In article <200708100143.l7A1hNSY034263 at drugs.dv.isc.org> you write:
>
> I suspect that the origin of the myth that DNS/TCP is more
> dangerous than DNS/UDP is that the first root expliot of
> named was over TCP not UDP. There were later exploits that
> were UDP only which totally busted the myth but it continues
> to live.
>
> Mark
Just to make it clear. This was BIND 4/8 code and the bugs
were addressed in the last millennia.
To date there are no known root exploits for BIND 9.
Mark
More information about the NANOG
mailing list