DNS Cache Snooping vulnerabilty
Saulo Medeiros de Araújo
saulov8 at gmail.com
Tue Sep 9 14:32:33 UTC 2008
Hello to eveyone!
I trying to solve the DNS Cache Snooping vulnerabilty, detected by Nessus,
but i'm having some dificuties.
I found in my searchs some safer BIND configurations to prevent cache
snooping attacks. So i've inserted those following lines in my named.conf
file:
acl "trusted" {
10.0.0.0/16;
localhost;
};
And added those following lines in my named.conf.options file:
allow-query { trusted; };
allow-recursion { trusted; };
allow-query-cache { trusted; };
But i'm still getting the Nessus alert. Does anyone have some ideia to solve
this problem?
This is the Nessus issue:
http://www.nessus.org/plugins/index.php?view=single&id=12217
Thanks for any help!
Best regards..
More information about the bind-users
mailing list