Is Bind still broken?

dns dns at aniota.com
Wed Nov 20 01:18:39 UTC 2002


on "11-17-2002" "Danny Mayer" writ:

: >     broken, it seems, taken in its most static meaning.  the argument
:
: That's as clear as mud. The major differences are what protocols they
: support and how they handle zone transfers, AXFR or rsync,
: dynamic update, TSIG, etc. What do YOU mean by broken?

... when was the 'last' time you saw a security warning about djbdns, and
bind.  in my book, a "Remote ROOT compromise" 'feature' in ANY package,
translates to 'broken'.  memory being what it is, i've forgotten what
versions of bind "aren't" vulnerable.

    it would seem the initial 'reaction' to the question, thoughtless.  a
more reasoned approach understands bind's strengths, and weaknesses,
accepting that it might be a legitimate question.


: When only a few people know, you at least reduce the chances of it
: being used. Hackers are very good and know what they're doing.

... by extension then, a "good" cracker would want to get on the short
list of them in the know.  you might recall, that the latest problems
require 'command' of dns in the first place.


: You don't think that Microsoft or any of the other vendors would do things
: any differently do you?

... my point exactly.  unlike you, i did not know isc and M$ had that
much in 'common'.  i do not find that comforting ...






