Re: [SECURITY] [DSA 1605-1] DNS vulnerability impact on the libc stub resolver
Incoming from Micah Anderson:
> * s. keeling <email@example.com> [2008-07-09 17:31-0400]:
> > Micah Anderson <firstname.lastname@example.org>:
> > > * Wolfgang Jeltsch <email@example.com> [2008-07-09 13:31-0400]:
> > > > > > configure it to only listen on 127.0.0.1,
> > > >
> > > > How do I do this? dpkg-reconfigure doesn?t help.
> > >
> > > I think the bind9 package comes configured this way by default in
> > > Debian (a caching-only local nameserver).
> > If that's what the OP requires, maradns provides that, and a lot
> > simpler.
> What could be more simpler than apt-get install bind9?
... followed by configuring it for (assumed, worst case) his
particular Franken-network situation. I've fought with bind numerous
times before, and didn't enjoy it.
If all he needs is caching-only local, that's what maradns is for.
I'm not dissing bind*. I'm just suggesting maradns's simpler, and
possibly apropos in OP's situation.
I could be wrong though; the start of this thread recedes into the
depths of time ... and I may have missed important details.
Any technology distinguishable from magic is insufficiently advanced.
(*) Please don't Cc: me.