large organization nameservers sending icmp packets to dns servers.

Mark Andrews Mark_Andrews at isc.org
Fri Aug 10 23:57:02 UTC 2007


> >>> On 8/9/2007 at 10:07 PM, Mark Andrews <Mark_Andrews at isc.org> wrote:
> 
> > In article <200708100143.l7A1hNSY034263 at drugs.dv.isc.org> you write:
> >>
> >>	I suspect that the origin of the myth that DNS/TCP is more
> >>	dangerous than DNS/UDP is that the first root exploit of
> >>	named was over TCP not UDP.  There were later exploits that
> >>	were UDP only which totally busted the myth but it continues
> >>	to live.
> >>
> >>	Mark
> > 
> > 	Just to make it clear.  This was BIND 4/8 code and the bugs
> > 	were addressed in the last millennium.
> > 
> > 	To date there are no known root exploits for BIND 9.
> 
> Because who runs BIND as root anymore?

	Lots of people.  It's the only way you can handle some
	events.

	Mark
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews at isc.org



More information about the NANOG mailing list