Kaminsky's exploit: What about CNS?
Chris Buxton
cbuxton at menandmice.com
Tue Jul 15 17:30:08 UTC 2008
I happened to check my home ISP's name servers using the porttest
query, and I did not get entirely reassuring results:
$ dig +short porttest.dns-oarc.net TXT
@68.87.76.178z
.y.x.w.v.u.t.s.r.q.p.o.n.m.l.k.j.i.h.g.f.e.d.c.b.a.pt.dns-oarc.net.
"68.87.76.181 is POOR: 26 queries in 0.2 seconds from 24 ports with
std dev 126.32"
$ fpdns 68.87.76.178
fingerprint (68.87.76.178, 68.87.76.178): Nominum CNS
$ dig +short porttest.dns-oarc.net TXT @68.87.78.130
z.y.x.w.v.u.t.s.r.q.p.o.n.m.l.k.j.i.h.g.f.e.d.c.b.a.pt.dns-oarc.net.
"68.87.78.133 is POOR: 26 queries in 1.0 seconds from 25 ports with
std dev 149.32"
$ fpdns 68.87.78.130
fingerprint (68.87.78.130, 68.87.78.130): Nominum CNS
Since we have consulting customers using CNS, should we be advising
them to install some kind of upgrade?
Chris Buxton
Professional Services
Men & Mice
More information about the bind-users
mailing list