Re: [SECURITY] [DSA 1605-1] DNS vulnerability impact on the libc stub resolver

To: debian-security@lists.debian.org
Subject: Re: [SECURITY] [DSA 1605-1] DNS vulnerability impact on the libc stub resolver
From: Rick Moen <rick@linuxmafia.com>
Date: Thu, 10 Jul 2008 09:14:07 -0700
Message-id: <20080710161407.GE21975@linuxmafia.com>
In-reply-to: <87y749j4ql.fsf@mid.deneb.enyo.de>
References: <87myks4886.fsf@mid.deneb.enyo.de> <20080709014354.GA32114@khazad-dum.debian.net> <87y749j4ql.fsf@mid.deneb.enyo.de>

Quoting Florian Weimer (fw@deneb.enyo.de):

> lwresd is far less-tested than BIND, and tweaking the NSS configuration
> is something few people like to do.

Incidentally, the documentation for nss_lwres suggests the following
entry in /etc/nsswitch.conf, for Linux systems installing lwresd:
"hosts: files lwres [NOTFOUND=return] dns"

I had somehow missed lwresd's existence entirely, when I built my
catalogue of DNS nameserver implementations for Linux
(http://linuxmafia.com/faq/Network_Other/dns-servers.html), so I've 
just written an entry, furnishing the above and other suggestions /
comments.  (Entry may have errors, as I've not yet experimented with
lwresd, only read about it.)

Reply to:

References:
- Re: [SECURITY] [DSA 1605-1] DNS vulnerability impact on the libc stub resolver
  - From: Henrique de Moraes Holschuh <hmh@debian.org>
- Re: [SECURITY] [DSA 1605-1] DNS vulnerability impact on the libc stub resolver
  - From: Florian Weimer <fw@deneb.enyo.de>

Prev by Date: Re: [SECURITY] [DSA 1605-1] DNS vulnerability impact on the libc stub resolver
Next by Date: Re: [SECURITY] [DSA 1605-1] DNS vulnerability impact on the libc stub resolver
Previous by thread: Re: [SECURITY] [DSA 1605-1] DNS vulnerability impact on the libc stub resolver
Next by thread: Sell Cisco Systems equipment items
Index(es):
- Date
- Thread