-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Rob Tanner wrote:
> Or, at least that's what it looks like.
> Last nigh (Oct 28) we were barraged by thousands of emails with a return
> path of facebookmail.com. Our MTA checks the return path of each
> incoming message so as to reject anything that can't be replied to.
> That, of course, requires a DNS lookup but every attempt to lookup
> facebookmail.com timed out and when I flushed the cache, it would
> resolve for a short while and then hang again until a again flushed my
> cache. This effectively brought both of my email edge servers to their
> knees as all the SMTP connections were tied up while the server was
> waiting on DNS.
>
> I upgraded back in July when the major security bug was discovered and
> my name servers all run BIND 9.5.0-P1. I know there were a couple of
> Windows specific updates since then which I ignored because I'm running
> on Linux. Is that version otherwise at risk and do I need to update for
> security reasons?


i'm not expert about ISC's bind program. however, let me say this, a few
weeks ago my advisor for DNS recommended for using DNSSEC
. he emphasized it's the best
practice against for the attack of DNS cache poisoning. and now i'm
studying about that ..;;

byunghee
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (FreeBSD)

iEYEARECAAYFAkkI8yIACgkQsCouaZaxlv60NgCfUy6PaQYhPY EWfStYlyKKMYrP
XY4An1SgOg0XWQuXYi3QtuthNYP6YYaI
=V/gI
-----END PGP SIGNATURE-----