Thread: Dan Kaminsky Discovers Fundamental Issue In DNS

  1. #1

    Dan Kaminsky Discovers Fundamental Issue In DNS

    Hi,

    Do you have or intend to have a fix concerning this dreadful subject?

    Dan Kaminsky Discovers Fundamental Issue In DNS: Massive Multivendor Patch Released

    http://securosis.com/2008/07/08/dan-kaminsky-discovers-fundamental-issue-in-dns-massive-multivendor-patch-released/

    And please check the dnsmasq Changelog [http://www.thekelleys.org.uk/dnsmasq/CHANGELOG]:

    version 2.43 [11-Jul-2008]:


    ...

    Implement random source ports for interactions with upstream nameservers. New spoofing attacks have been found against nameservers which do not do this, though it is not clear if dnsmasq is vulnerable, since it doesn't implement recursion. By default dnsmasq will now use a different source port (and socket) for each query it sends upstream. This behaviour can be suppressed using the --query-port option, and the old default behaviour restored using --query-port=0. Explicit source-port specifications in --server configs are still honoured.

    Replace the random number generator, for better security. On most BSD systems, dnsmasq uses the arc4random() RNG, which is secure, but on other platforms, it relied on the C-library RNG, which may be guessable and therefore allow spoofing. This release replaces the libc RNG with the SURF RNG, from Daniel J. Bernstein's DJBDNS package.
    Last edited by cmbe; 27-08-2008 at 15:52.
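
An added example, not part of the original post and not dnsmasq's own code: a small audit of a dnsmasq configuration file for the settings that, according to the changelog quoted above, suppress per-query random source ports. The sample configuration and the function name `audit_dnsmasq_conf` are constructed for illustration, and the comment handling is a simplification of dnsmasq's own parser.

```python
import re

# Constructed sample dnsmasq.conf for illustration (not from the thread).
SAMPLE_CONF = """\
# upstream resolvers
server=192.0.2.1
server=/corp.example/192.0.2.53#53@192.0.2.10#5353
query-port=5353
#query-port=0
"""

# Assumption: '#' starts a comment only at line start or after whitespace,
# because '#' also separates address and port in server= values.
_COMMENT = re.compile(r"(^|\s)#.*$")
# server=...@<source-ip|interface>#<port>: explicit source port after '@'.
_SERVER_SRC_PORT = re.compile(r"@[^#\s]+#(\d+)\s*$")


def audit_dnsmasq_conf(text):
    """Return (line_no, setting, reason) for options that fix the source port."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = _COMMENT.sub("", raw).strip()
        if not line:
            continue
        key, _, value = line.partition("=")
        key, value = key.strip(), value.strip()
        if key == "query-port":
            # Per the changelog: any query-port suppresses random ports,
            # and query-port=0 restores the pre-2.43 default.
            why = ("old single-port behaviour restored" if value == "0"
                   else "all upstream queries sent from port " + value)
            findings.append((no, line, why))
        elif key == "server":
            m = _SERVER_SRC_PORT.search(value)
            if m:
                findings.append((no, line, "explicit source port " + m.group(1)))
    return findings


if __name__ == "__main__":
    for no, setting, why in audit_dnsmasq_conf(SAMPLE_CONF):
        print(f"line {no}: {setting}  ->  {why}")
```
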