
Re: [SECURITY] [DSA 1605-1] DNS vulnerability impact on the libc stub resolver



On Wednesday, 9 July 2008 22:39, Rick Moen wrote:
> Quoting Wolfgang Jeltsch (7o2lccqg@acme.softbase.org):
> > On Wednesday, 9 July 2008 20:51, Noah Meyerhans wrote:
> > > > I suggest that you install bind9,

> […]

> > > > configure it to only listen on 127.0.0.1,
> >
> > How do I do this? dpkg-reconfigure doesn’t help.
>
> Although this will require a substantial investment of your time, I
> recommend studying
> http://www.cymru.com/Documents/secure-bind-template.html , to better
> understand how to properly configure and lock down BIND9.

Oh no. I just wanted to do a security update. I didn’t want to install bind9 
at all.

Short question: Is it sufficient if I use iptables with a stateful filter 
which only allows incoming packets if they are ESTABLISHED, RELATED or have 
an acceptable TCP destination port (like ssh or http)?  I do this anyway.

Best wishes,
Wolfgang

