Posted Jul 11, 2008 23:48 UTC (Fri) by stock (guest, #5849)
Parent article: Secrecy and the DNS flaw
The solution is apparently to start using randomly selected UDP source ports on the nameserver when answering DNS requests. Well, the new problem with this solution has already been created: "Vulnerability in IANA root servers, servers go down after UDP port storm."

The only sensible solution is to create a hierarchical slaves.conf access list. WHO is allowed recursive access to higher-up bind servers? Besides selection using IP numbers, one can also be awarded a valid DNS SEC hmac-md5 key. OK, I know this is Big Brother style stuff. But I don't know of any DNS hackers who like to leave their identity inside nameserver logs.
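As an added example (not from the comment above or from any project), here is one way to express the per-client recursion restriction the comment sketches, in BIND named.conf syntax, with the open-resolver setting beside the restricted form. The network, the key name "downstream-resolver" and its secret are placeholders, and the shared-secret mechanism BIND uses for this is TSIG.

```conf
// Added example, not from the original comment. All addresses, the key
// name and the secret below are made-up placeholders.

// --- Fragment A (weak): any host on the Internet may use this server as
// a recursive resolver, so it answers spoofed-source query floods and
// cache-poisoning attempts from anywhere. Use either A or B, not both. ---
options {
    recursion yes;
    allow-recursion { any; };
};

// --- Fragment B (restricted): recursion only for known client networks
// and for clients that sign their queries with a shared TSIG key. ---
key "downstream-resolver" {
    algorithm hmac-md5;          // as in the comment; newer BIND prefers hmac-sha256
    secret "PLACEHOLDER-BASE64-SECRET==";   // generate with tsig-keygen
};

acl "trusted-resolvers" {
    localhost;
    localnets;
    192.0.2.0/24;                // placeholder downstream network
    key "downstream-resolver";   // queries carrying a valid TSIG signature
};

options {
    recursion yes;
    allow-recursion { "trusted-resolvers"; };
    // Everyone else still gets authoritative answers for zones this
    // server hosts, but no recursion.
};

logging {
    channel query_log {
        file "/var/log/named/query.log" versions 5 size 20m;
        print-time yes;
    };
    // With query logging on, a TSIG-signed query is logged with its key
    // name next to the client address, which is the accountability the
    // comment is after.
    category queries { query_log; };
};
```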