[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [SECURITY] [DSA 1605-1] DNS vulnerability impact on the libc stub resolver

Am Mittwoch, 9. Juli 2008 20:51 schrieb Noah Meyerhans:
> On Wed, Jul 09, 2008 at 06:10:51PM +0200, Wolfgang Jeltsch wrote:
> > > At this time, it is not possible to implement the recommended
> > > countermeasures in the GNU libc stub resolver.
> >
> > I don’t have bind9 installed.  Am I affected by the libc stub resolver
> > bug? 
> Yes.

Even if the bug is fixed in my provider’s DNS servers?

> > I suggest that you install bind9,

How do I tell bind9 what DNS servers to ask?  Is this also done by 
resolv.conf?  If yes, named would ask itself if is the first entry.

> > configure it to only listen on,

How do I do this? dpkg-reconfigure doesn’t help.

> > and add "nameserver" to resolv.conf before any 
> > other nameserver lines (since they're queried in order).

Shouldn’t I remove the other entries?  The other nameservers shouldn’t be 
contacted anymore, right?

Best wishes,

Reply to: