Re: [SECURITY] [DSA 1605-1] DNS vulnerability impact on the libc stub resolver

Florian Weimer wrote:
> On the other hand, if you don't build a network of your own, and your ISP
> properly filters their Internet connection and their customer interfaces
> to stop source address spoofing, it's not possible to forge DNS traffic
> which claims to come from the ISP resolver.  (Since the addresses
> involved are theirs, they can actually do it--globally, on the whole
> Internet, it's much more difficult.)

IIRC Dan Kaminsky has been suggesting using OpenDNS, which has fixed
servers, if your ISP's server is not fixed. Won't using a third-party DNS
server defeat any filtering your ISP does on their network, and allow the
stub resolver to be spoofed?

see shy jo

