Multiple DNS implementations vulnerable to cache poisoning

Jay R. Ashworth jra at baylink.com
Wed Jul 9 13:16:53 UTC 2008


On Wed, Jul 09, 2008 at 04:39:49AM -0400, Jean-Fran?ois Mezei wrote:
> My DNS server made the various DNS requests from the same port and is
> thus vulnerable. (VMS TCPIP Services so no patches expected).

Well, yes, but unless I've badly misunderstood the situation, all
that's necessary to mitigate this bug is to interpose a non-buggy
recursive resolver between the broken machine and the Internet at
large, right?

So just make sure your corporate/campus edge router has a reasonable
named on it, and point everything broken at that, and you should be ok,
even though, as you note, DEC won't be updating VMS any time soon.  :-)

Cheers,
-- jr 'Compaq?  No, that's HP now, isn't it?' a
-- 
Jay R. Ashworth                   Baylink                      jra at baylink.com
Designer                     The Things I Think                       RFC 2100
Ashworth & Associates     http://baylink.pitas.com                     '87 e24
St Petersburg FL USA      http://photo.imageinc.us             +1 727 647 1274

	     Those who cast the vote decide nothing.
	     Those who count the vote decide everything.
	       -- (Joseph Stalin)




More information about the NANOG mailing list