Re: Tinydns - cache poisoning?

To: debian-security@lists.debian.org
Subject: Re: Tinydns - cache poisoning?
From: Rick Moen <rick@linuxmafia.com>
Date: Wed, 30 Jul 2008 01:21:38 -0700
Message-id: <20080730082138.GW10437@linuxmafia.com>
In-reply-to: <389c58c40807292147h27ab8f4ge3c349e9dd310c08@mail.gmail.com>
References: <389c58c40807292147h27ab8f4ge3c349e9dd310c08@mail.gmail.com>

Quoting Stephen Vaughan (stephenvaughan@gmail.com):

> Does anyone know if TinyDNS is vulnerable to the dns cache poisoning
> exploit? 

The Kaminsky-publicised attack method applies _only_ to caching
recursive-resolver nameservers:  tinydns is an authoritative-only DNS
daemon, not a recursive resolver.  (DJB's caching recursive-resolver
module is dnscache, which was protected by his far-sighted decision to 
randomise source ports -- which has of course been vindicated by recent 
news.)

Notes on Linux-relevant nameservers in my bestiary of same might be
useful to you:  "DNS Servers" on http://linuxmafia.com/kb/Network_Other/

Reply to:

References:
- Tinydns - cache poisoning?
  - From: "Stephen Vaughan" <stephenvaughan@gmail.com>

Prev by Date: Re: Bug#492806: libavformat52: does not handle STR file demuxing (CVE-2008-3162)
Next by Date: snort-stat warnings
Previous by thread: Re: Tinydns - cache poisoning?
Next by thread: Re: Tinydns - cache poisoning?
Index(es):
- Date
- Thread