Re: [SECURITY] [DSA 1605-1] DNS vulnerability impact on the libc stub resolver

To: debian-security@lists.debian.org
Subject: Re: [SECURITY] [DSA 1605-1] DNS vulnerability impact on the libc stub resolver
From: Nick Boyce <nick@glimmer.demon.co.uk>
Date: Wed, 09 Jul 2008 03:55:27 +0000
Message-id: <487436AF.70707@glimmer.demon.co.uk>
In-reply-to: <87myks4886.fsf@mid.deneb.enyo.de>
References: <87myks4886.fsf@mid.deneb.enyo.de>

Debian Security Team wrote:

At this time, it is not possible to implement the recommended
countermeasures in the GNU libc stub resolver.  The following
workarounds are available:

1. Install a local BIND 9 resolver on the host, possibly in

forward-only mode.

Uh .. is there any documentation on how to do that ? Although I run aBIND 9 nameserver I don't know how to extract the BIND 9 resolver fromsuch a system (for use on other systems) - and there doesn't seem to beany actual stand-alone package for such a thing.

Also, which Debian systems would otherwise use the libc stub resolver ?All systems which *don't* have BIND installed ?


Cluebats welcome.

Cheers
Nick Boyce
--
Leave the Olympics in Greece, where they belong.

Reply to:

Prev by Date: Re: [SECURITY] [DSA 1605-1] DNS vulnerability impact on the libc stub resolver
Next by Date: Re: [SECURITY] [DSA 1605-1] DNS vulnerability impact on the libc stub resolver
Previous by thread: Re: [SECURITY] [DSA 1605-1] DNS vulnerability impact on the libc stub resolver
Next by thread: Re: [SECURITY] [DSA 1605-1] DNS vulnerability impact on the libc stub resolver
Index(es):
- Date
- Thread