Re: [SECURITY] [DSA 1605-1] DNS vulnerability impact on the libc stub resolver

To: Henrique de Moraes Holschuh <hmh@debian.org>
Cc: debian-security@lists.debian.org
Subject: Re: [SECURITY] [DSA 1605-1] DNS vulnerability impact on the libc stub resolver
From: Florian Weimer <fw@deneb.enyo.de>
Date: Thu, 10 Jul 2008 14:36:18 +0200
Message-id: <87y749j4ql.fsf@mid.deneb.enyo.de>
In-reply-to: <20080709014354.GA32114@khazad-dum.debian.net> (Henrique de Moraes Holschuh's message of "Tue, 8 Jul 2008 22:43:54 -0300")
References: <87myks4886.fsf@mid.deneb.enyo.de> <20080709014354.GA32114@khazad-dum.debian.net>

* Henrique de Moraes Holschuh:

> 3. Install lwresd from an updated BIND9, install libnss-lwres, and replace
> "dns" with "lwres" in /etc/nsswitch.conf.   Make sure to restart lwres when
> /etc/resolv.conf changes.

lwresd is far less-tested than BIND, and tweaking the NSS configuration
is something few people like to do.

Reply to:

Follow-Ups:
- Re: [SECURITY] [DSA 1605-1] DNS vulnerability impact on the libc stub resolver
  - From: Henrique de Moraes Holschuh <hmh@debian.org>
- Re: [SECURITY] [DSA 1605-1] DNS vulnerability impact on the libc stub resolver
  - From: Rick Moen <rick@linuxmafia.com>

References:
- Re: [SECURITY] [DSA 1605-1] DNS vulnerability impact on the libc stub resolver
  - From: Henrique de Moraes Holschuh <hmh@debian.org>

Prev by Date: Re: [SECURITY] [DSA 1605-1] DNS vulnerability impact on the libc stub resolver
Next by Date: Re: [SECURITY] [DSA 1605-1] DNS vulnerability impact on the libc stub resolver
Previous by thread: Re: [SECURITY] [DSA 1605-1] DNS vulnerability impact on the libc stub resolver
Next by thread: Re: [SECURITY] [DSA 1605-1] DNS vulnerability impact on the libc stub resolver
Index(es):
- Date
- Thread