[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [SECURITY] [DSA 1605-1] DNS vulnerability impact on the libc stub resolver

Debian Security Team wrote:

At this time, it is not possible to implement the recommended
countermeasures in the GNU libc stub resolver.  The following
workarounds are available:

1. Install a local BIND 9 resolver on the host, possibly in
forward-only mode.

Uh .. is there any documentation on how to do that ? Although I run a BIND 9 nameserver I don't know how to extract the BIND 9 resolver from such a system (for use on other systems) - and there doesn't seem to be any actual stand-alone package for such a thing.

Also, which Debian systems would otherwise use the libc stub resolver ? All systems which *don't* have BIND installed ?

Cluebats welcome.

Nick Boyce
Leave the Olympics in Greece, where they belong.

Reply to: