Re: [SECURITY] [DSA 1605-1] DNS vulnerability impact on the libc stub resolver

To: Florian Weimer <fw@deneb.enyo.de>
Cc: debian-security@lists.debian.org
Subject: Re: [SECURITY] [DSA 1605-1] DNS vulnerability impact on the libc stub resolver
From: Henrique de Moraes Holschuh <hmh@debian.org>
Date: Thu, 10 Jul 2008 10:23:53 -0300
Message-id: <20080710132353.GA1346@khazad-dum.debian.net>
In-reply-to: <87y749j4ql.fsf@mid.deneb.enyo.de>
References: <87myks4886.fsf@mid.deneb.enyo.de> <20080709014354.GA32114@khazad-dum.debian.net> <87y749j4ql.fsf@mid.deneb.enyo.de>

On Thu, 10 Jul 2008, Florian Weimer wrote:
> * Henrique de Moraes Holschuh:
> > 3. Install lwresd from an updated BIND9, install libnss-lwres, and replace
> > "dns" with "lwres" in /etc/nsswitch.conf.   Make sure to restart lwres when
> > /etc/resolv.conf changes.
> 
> lwresd is far less-tested than BIND, and tweaking the NSS configuration
> is something few people like to do.

Indeed it is far less tested, it doesn't even work well out-of-the-box in
Debian because nobody did the integration work.  But it IS an alternative
people often forget.

-- 
  "One disk to rule them all, One disk to find them. One disk to bring
  them all and in the darkness grind them. In the Land of Redmond
  where the shadows lie." -- The Silicon Valley Tarot
  Henrique Holschuh

Reply to:

References:
- Re: [SECURITY] [DSA 1605-1] DNS vulnerability impact on the libc stub resolver
  - From: Henrique de Moraes Holschuh <hmh@debian.org>
- Re: [SECURITY] [DSA 1605-1] DNS vulnerability impact on the libc stub resolver
  - From: Florian Weimer <fw@deneb.enyo.de>

Prev by Date: Re: [SECURITY] [DSA 1605-1] DNS vulnerability impact on the libc stub resolver
Next by Date: Re: [SECURITY] [DSA 1605-1] DNS vulnerability impact on the libc stub resolver
Previous by thread: Re: [SECURITY] [DSA 1605-1] DNS vulnerability impact on the libc stub resolver
Next by thread: Re: [SECURITY] [DSA 1605-1] DNS vulnerability impact on the libc stub resolver
Index(es):
- Date
- Thread