[98531] in North American Network Operators' Group
Re: large organization nameservers sending icmp packets to dns servers.
daemon@ATHENA.MIT.EDU (Mark Andrews)
Fri Aug 10 20:15:27 2007
Cc: nanog@merit.edu
From: Mark Andrews <Mark_Andrews@isc.org>
In-reply-to: Your message of "Fri, 10 Aug 2007 16:12:18 MST."
<46BC8E61.8C45.0097.0@globalstar.com>
Date: Sat, 11 Aug 2007 09:57:02 +1000
Errors-To: owner-nanog@merit.edu
> >>> On 8/9/2007 at 10:07 PM, Mark Andrews <Mark_Andrews@isc.org> wrote:
>
> > In article <200708100143.l7A1hNSY034263@drugs.dv.isc.org> you write:
> >>
> >> I suspect that the origin of the myth that DNS/TCP is more
> >> dangerous than DNS/UDP is that the first root exploit of
> >> named was over TCP not UDP. There were later exploits that
> >> were UDP only which totally busted the myth but it continues
> >> to live.
> >>
> >> Mark
> >
> > Just to make it clear. This was BIND 4/8 code and the bugs
> > were addressed in the last millennium.
> >
> > To date there are no known root exploits for BIND 9.
>
> Because who runs BIND as root anymore?

Lots of people. It's the only way you can handle some
events.

Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews@isc.org