Re: [SECURITY] [DSA 1605-1] DNS vulnerability impact on the libc stub resolver

To: debian-security@lists.debian.org
Subject: Re: [SECURITY] [DSA 1605-1] DNS vulnerability impact on the libc stub resolver
From: Florian Weimer <fw@deneb.enyo.de>
Date: Fri, 11 Jul 2008 12:01:27 +0200
Message-id: <878ww8oi2w.fsf@mid.deneb.enyo.de>
In-reply-to: <20080710201443.GC27889@kodama.kitenet.net> (Joey Hess's message of "Thu, 10 Jul 2008 16:14:43 -0400")
References: <87myks4886.fsf@mid.deneb.enyo.de> <200807091810.51330.7o2lccqg@acme.softbase.org> <20080709185123.GI14438@morgul.net> <87vdzdj4js.fsf@mid.deneb.enyo.de> <20080710201443.GC27889@kodama.kitenet.net>

* Joey Hess:

> IIRC Dan Kaminsky has been suggesting using opendns, which has fixed
> servers, if your ISPs server is not fixed. Won't using a third-party DNS
> server defeat any filtering your ISP does on their network, and allow the
> stub resolver to be spoofed?

I disagree with this recommendation.

Reply to:

References:
- Re: [SECURITY] [DSA 1605-1] DNS vulnerability impact on the libc stub resolver
  - From: Wolfgang Jeltsch <7o2lccqg@acme.softbase.org>
- Re: [SECURITY] [DSA 1605-1] DNS vulnerability impact on the libc stub resolver
  - From: Noah Meyerhans <noahm@debian.org>
- Re: [SECURITY] [DSA 1605-1] DNS vulnerability impact on the libc stub resolver
  - From: Florian Weimer <fw@deneb.enyo.de>
- Re: [SECURITY] [DSA 1605-1] DNS vulnerability impact on the libc stub resolver
  - From: Joey Hess <joeyh@debian.org>

Prev by Date: clamav-freshclam volatile VS python-clamav
Next by Date: Re: clamav-freshclam volatile VS python-clamav
Previous by thread: Re: [SECURITY] [DSA 1605-1] DNS vulnerability impact on the libc stub resolver
Next by thread: jacques ivanes souhaite chatter
Index(es):
- Date
- Thread