Re: [SECURITY] [DSA 1605-1] DNS vulnerability impact on the libc stub resolver
Am Mittwoch, 9. Juli 2008 20:51 schrieb Noah Meyerhans:
> On Wed, Jul 09, 2008 at 06:10:51PM +0200, Wolfgang Jeltsch wrote:
> > > At this time, it is not possible to implement the recommended
> > > countermeasures in the GNU libc stub resolver.
> > I don’t have bind9 installed. Am I affected by the libc stub resolver
> > bug?
Even if the bug is fixed in my provider’s DNS servers?
> > I suggest that you install bind9,
How do I tell bind9 what DNS servers to ask? Is this also done by
resolv.conf? If yes, named would ask itself if 127.0.0.1 is the first entry.
> > configure it to only listen on 127.0.0.1,
How do I do this? dpkg-reconfigure doesn’t help.
> > and add "nameserver 127.0.0.1" to resolv.conf before any
> > other nameserver lines (since they're queried in order).
Shouldn’t I remove the other entries? The other nameservers shouldn’t be
contacted anymore, right?