Re: bug #80888: dnrd: Multiple buffer overflows
- To: Drew Scott Daniels <umdanie8@cc.UManitoba.CA>
- Cc: 80888@bugs.debian.org, dnrd@egroups.com, Thomas Schoepf <schoepf@debian.org>, Matthew Grant <grantma@anathoth.gen.nz>, Brad Garcia <garsh@home.com>, <debian-release@lists.debian.org>, <debian-security@lists.debian.org>
- Subject: Re: bug #80888: dnrd: Multiple buffer overflows
- From: Florian Weimer <fw@deneb.enyo.de>
- Date: Tue, 06 May 2003 11:55:51 +0200
- Message-id: <87r87cxuu0.fsf@deneb.enyo.de>
- Mail-followup-to: Drew Scott Daniels <umdanie8@cc.UManitoba.CA>, 80888@bugs.debian.org, dnrd@egroups.com, Thomas Schoepf <schoepf@debian.org>, Matthew Grant <grantma@anathoth.gen.nz>, Brad Garcia <garsh@home.com>, <debian-release@lists.debian.org>, <debian-security@lists.debian.org>
- In-reply-to: <Pine.GSO.4.40.0305051530410.4247-100000@mira.cc.umanitoba.ca> (Drew Scott Daniels's message of "Mon, 5 May 2003 15:57:50 -0500 (CDT)")
- References: <Pine.GSO.4.40.0305051530410.4247-100000@mira.cc.umanitoba.ca>
Drew Scott Daniels <umdanie8@cc.UManitoba.CA> writes:
> This bug may be worked around (and therefore downgraded) by having a
> configuration to warn the user that they must trust the DNS servers
> (wherever this is configured), and must trust the users.
Are you sure that you only need to trust the DNS servers you contact,
and not the entire DNS system? Some resolvers perform incomplete
syntax checks on DNS packets. 8-(
Reply to: