[14796] in bugtraq
Re: glibc resolver weakness
daemon@ATHENA.MIT.EDU (Bennett Todd)
Sat May 6 14:57:19 2000
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-md5;
protocol="application/pgp-signature"; boundary="+mSjbC2tVdWE/Wop"
Message-Id: <20000503153047.W635@rahul.net>
Date: Wed, 3 May 2000 15:30:48 -0400
Reply-To: Bennett Todd <bet@RAHUL.NET>
From: Bennett Todd <bet@RAHUL.NET>
X-To: antirez <antirez@LINUXCARE.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <20000503034046.A9579@nagash.marmoc.net>; from
antirez@LINUXCARE.COM on Wed, May 03, 2000 at 03:40:46AM +0200
--+mSjbC2tVdWE/Wop
Content-Type: text/plain; charset=us-ascii
For those sufficiently paranoid to worry about such things, one
solution (I believe, if I'm not misunderstanding the nature of the
threat) is to run a well-written, efficient, secure caching
nameserver on each and every local system, putting 127.0.0.1 in
/etc/resolv.conf.
One great caching nameserver is djb's dnscache, at
<URL:http://cr.yp.to/dnscache.html>.
-Bennett
--+mSjbC2tVdWE/Wop
Content-Type: application/pgp-signature
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.0 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE5EH5nL6KAps40sTYRAWjLAJ4kH1tz18ivX6zTQXGFZtpFrn9e+gCffNCe
SMxQJ6ZCw/rJne/z89LxbKY=
=LFHH
-----END PGP SIGNATURE-----
--+mSjbC2tVdWE/Wop--
