Re: [SECURITY] [DSA 1605-1] DNS vulnerability impact on the libc stub resolver
On Thu, 10 Jul 2008, Florian Weimer wrote:
> * Henrique de Moraes Holschuh:
> > 3. Install lwresd from an updated BIND9, install libnss-lwres, and replace
> > "dns" with "lwres" in /etc/nsswitch.conf. Make sure to restart lwres when
> > /etc/resolv.conf changes.
> lwresd is far less-tested than BIND, and tweaking the NSS configuration
> is something few people like to do.
Indeed it is far less tested, it doesn't even work well out-of-the-box in
Debian because nobody did the integration work. But it IS an alternative
people often forget.
"One disk to rule them all, One disk to find them. One disk to bring
them all and in the darkness grind them. In the Land of Redmond
where the shadows lie." -- The Silicon Valley Tarot