User: Password:
Subscribe / Log in / New account

Secrecy and the DNS flaw

Secrecy and the DNS flaw

Posted Jul 11, 2008 23:48 UTC (Fri) by stock (guest, #5849)
Parent article: Secrecy and the DNS flaw

The solution is apparently to start used random selected UDP source 
ports on the nameserver when answering to DNS requests. Well the new 
problem has with this solution already been created : "Vulnerability in 
IANA root servers, servers go down after UDP port storm." 
The only sensible solution is to create a hierarchical slaves.conf 
access list. WHO are allowed recursive access to higher up bind 
servers?  Besides selection using ip-numbers, one can also be awarded 
with a valid DNS SEC hmac-md5 key. Ok I know this is Big Brother style 
stuff. But i don't know of any DNS hackers who like to leave their 
identity inside nameserver logs. 

(Log in to post comments)

Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds