large organization nameservers sending icmp packets to dns servers.

Mark Andrews Mark_Andrews at
Fri Aug 10 05:07:32 UTC 2007

In article <200708100143.l7A1hNSY034263 at> you write:
>	I suspect that the origin of the myth that DNS/TCP is more
>	dangerous than DNS/UDP is that the first root exploit of
>	named was over TCP not UDP.  There were later exploits that
>	were UDP only which totally busted the myth but it continues
>	to live.
>	Mark

	Just to make it clear.  This was BIND 4/8 code and the bugs
	were addressed in the last millennium.

	To date there are no known root exploits for BIND 9.

