Re: [bind] Re: The worst thing about the exploit -- Have you done your part?
I'm running DNS for my company that only has 35 computers "because I can."
I have enabled views, and recursion is off for the "all" group, while
it is enabled for the "local" group.
My BIND installation is on an OS X server, so manually updating can
get ugly. We're talking LOW load here. 5,000 requests a day. MAYBE.
Question: Am I safe from this issue, or should I just wholesale
forward everything to opendns and drop internal DNS?
Is un-patched recursion at ANY point dangerous or just external
On Jul 27, 2008, at 3:25 PM, Tuc at T-B-O-H.NET wrote:
>> On the other hand, I posted about this on a hardened Linux mailing
>> list, and received only ridicule and scorn in return. A security
>> professional who claims over 3 decades of Internet experience led the
>> charge, calling me paranoid and an alarmist. He specifically claimed
>> that, since he doesn't operate a resolving name server (he uses his
>> ISP, who have not patched their name servers as of my last check),
>> since his authoritative name servers are all PowerDNS, he has nothing
>> to worry about, so why was I bothering the list with this irrelevant
>> All to say, don't expect it to necessarily be easy to convince people
>> this is a real problem.
>> (I've had better experiences elsewhere. And all of my friends and
>> family whose ISPs are not updated are using opendns.com.)
> People have also said "Well, wait until the news outlets get a
> hold of this, it'll be bigger than any movie star's baby, any
> scandal, etc". Well, I've seen it on 2 different news sites, with it
> giving a "doomsday" feel to it.... And.... Seems it's just not getting
> anyone's attention. The ISP I'm on (MAJOR cable co) still hasn't seemed
> to make the change or done anything about it.
> I guess someone needs to poison a few large DNS servers and
> start stealing credit cards and eBay/Paypal/Y!/Gmail id/passes for it
> to get anyone's attention.