[aklug] Re: DNS Exploit

From: Mike Tibor <tibor@tibor.org>
Date: Fri Jul 11 2008 - 07:28:30 AKDT

On Wed, 9 Jul 2008, Leif Sawyer wrote:

> 1) Check to see if you're vulnerable using the website
> www.doxpara.com
>
> 2) If you are, you can upgrade to the latest bind patch level
> from ISC.
> or
> 3) you can wait until your vendor issues a patch.
>
> 4) You can enable DNSSEC on your server. This really will
> mitigate the entire issue.

I must be missing something important. I dismissed this whole thing
initially because I routinely disable recursion on nameservers except for
those networks that actually need it--I've done this for years because I
consider it part of basic server hardening. I realize of course that many
appliances don't allow you to do this, but I don't use those.

Naturally I've already patched all my boxes, but what am I missing here?
I can only conclude that either disabling recursion isn't a valid
workaround, or it's considered so unusual that I'm one of the few people
in the world who do it.

Mike
Received on Fri Jul 11 07:28:45 2008
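
One way to confirm, from a network that should not get recursion, that a nameserver you run really withholds it, as the message above describes configuring. This is an added example, not part of the original post; the function names are hypothetical, the sample responses are constructed, and the server address passed to `probe` is assumed to be one of your own.

```python
import socket
import struct

QR = 0x8000       # message is a response
RD = 0x0100       # recursion desired (set by the client)
RA = 0x0080       # recursion available (set by the server)
REFUSED = 5       # RCODE for a query rejected by policy

def build_query(name, txid=0x1234):
    """Build a minimal A/IN query with the RD bit set."""
    header = struct.pack("!HHHHHH", txid, RD, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)

def classify_response(data):
    """Read only the 12-byte header: RA flag and RCODE decide the result."""
    if len(data) < 12:
        raise ValueError("truncated DNS header")
    _txid, flags, _qd, _an, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    if not flags & QR:
        raise ValueError("not a response (QR bit clear)")
    rcode = flags & 0x000F
    if flags & RA and rcode != REFUSED:
        return "recursion offered"
    # RA clear covers both an outright REFUSED and a plain referral.
    return "recursion not offered"

def probe(server, name, timeout=3.0):
    """Send one recursive query over UDP to your own server and classify it."""
    query = build_query(name)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(query, (server, 53))
        data, _ = s.recvfrom(512)
    if data[:2] != query[:2]:
        raise ValueError("transaction ID mismatch")
    return classify_response(data)

# Constructed sample headers (txid, flags, qd, an, ns, ar); not captured traffic.
SAMPLE_OPEN = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)      # RA set, NOERROR
SAMPLE_REFUSED = struct.pack("!HHHHHH", 0x1234, 0x8105, 1, 0, 0, 0)   # RA clear, REFUSED
SAMPLE_REFERRAL = struct.pack("!HHHHHH", 0x1234, 0x8100, 1, 0, 2, 0)  # RA clear, referral

if __name__ == "__main__":
    for label, pkt in [("open", SAMPLE_OPEN), ("refused", SAMPLE_REFUSED),
                       ("referral", SAMPLE_REFERRAL)]:
        print(label, "->", classify_response(pkt))
```

Run `probe` from outside the networks that are allowed recursion, using a name the server is not authoritative for.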
