[bind] Re: The worst thing about the exploit -- Have you done your part?
Brian Keefer
chort at smtps.net
Mon Jul 28 04:49:39 UTC 2008
On Jul 27, 2008, at 9:02 PM, Michael Coumerilh wrote:
> I'm running DNS for my company that only has 35 computers "because I
> can."
> I have enabled views, and recursion is off for the "all" group, while
> it is enabled for the "local" group.
>
> My BIND installation is on an OS X server, so manually updating can
> get ugly. We're talking LOW load here. 5,000 requests a day. MAYBE.
>
> Question: Am I safe from this issue, or should I just wholesale
> forward everything to opendns and drop internal DNS?
>
> Is un-patched recursion at ANY point dangerous or just external
> recursion?
>
> Michael
You should either patch now, or forward to OpenDNS until you can
patch. If you do any recursive lookups at all, you're vulnerable.
Brian Keefer
Sr. Systems Engineer
www.Proofpoint.com
"Defend email. Protect data."
More information about the bind-users
mailing list