BIND crash bug prompts urgent update call

A vulnerability in BIND creates a means for miscreants to crash vulnerable Domain Name System servers, posing a threat to overall internet stability as a result. Exploits targeted at BIND (Berkeley Internet Name Domain Server) version 9 are already in circulation, warns the Internet Software Consortium, the group which …

COMMENTS

This topic is closed for new posts.
  1. Anonymous Coward
    FAIL

    Berkeley Internet Name Domain Server?

    Really?

    How about Berkeley Internet Name Daemon?

  2. John Robson Silver badge

    Ah, the joy...

    Spent a while on this this morning. Fortunately the company for which I work implements DNS architectures which are not vulnerable.

    Got to go and patch my own servers though ;)

  3. amanfromMars 1 Silver badge

    And on the other side of the negative spinning Coin ....

    John,

    It also allows for new master remote controllers to distribute more constructive, albeit alternative, code.

  4. M 6
    FAIL

    RE: Anonymous Stupid Coward

    The acronym BIND was derived from its first domain use, Berkeley Internet Name Domain, and the server software being the "Berkeley Internet Name Domain (BIND) Server". It was not, as is sometimes assumed, Berkeley Internet Name Daemon.

    Marking something true as a Fail = Epic Fail

  5. Anonymous Coward
    Linux

    @ AC 29 July 12:50

    The acronym BIND was derived from its first domain use, Berkeley Internet Name Domain, and the server software being the "Berkeley Internet Name Domain (BIND) Server". It was not, as is sometimes assumed, Berkeley Internet Name Daemon. The original acronym is clear from the title of and usage in the original BIND paper, The Berkeley Internet Name Domain Server.

    http://en.wikipedia.org/wiki/BIND

    The Penguin. Obviously, he's cute......

  6. Dr. Mouse
    WTF?

    Why?!

    "BIND is used on a great majority of DNS servers on the Internet. DNS maps between easy-to-remember domain names, understood by humans, and their corresponding numerical IP addresses, needed by computers. Simply put, the system can be compared to a phone book for the internet."

    Hang on... aren't the people who read this site supposed to be technically literate?

    Surely you do not need to explain a fundamental technology as if we were Daily Mail readers.

  7. Anonymous Coward
    Boffin

    BIND

    Simple.

    1. Dump BIND.

    2. Implement DJBDNS.

    The latter has yet to have a significant bug found in it, and fully implements DNS RFCs while BIND violates several.

  8. Anonymous Coward
    Anonymous Coward

    @anon coward

    "The latter has yet to have a significant bug found in it"

    probably because hardly anyone uses it.

    ", and fully implements DNS RFCs while BIND violates several."

    Since BIND is the de facto DNS reference implementation it could be said that where BIND violates the RFCs, the RFCs should be updated. I'm not saying that's a good thing but...

  9. amanfromMars 1 Silver badge

    Re: Ah, the joy...

    "Spent a while on this this morning. Fortunately the company for which I work implements DNS architectures which are not vulnerable." .... By John Robson Posted Wednesday 29th July 2009 13:39 GMT

    John,

    DNS architectures are always sweetly tempted by sticky XSS Programs ... for AIdDynamic Virile Growth for Markets Capture ..... for an XXXXCellent PreDominance.

  10. Telic
    Linux

    Ubuntu Updated

    The Ubuntu desktop Linux auto-update system has promptly installed a new Bind9 on my PC.

    :)

  11. Ray Simard
    Linux

    @Anon ... Just FEI

    http://www.theregister.co.uk/2009/02/28/djbdns_cache_poisoning_vulns/

    Tux, just because...

  12. Anonymous Coward
    Gates Halo

    Ha ha!

    I run Windows DNS and so am unaffected by this vulnerability! Who's laughing now, *nixtards?

  13. Goat Jam
    Alert

    Bind 8

    Where I am we use bind 8 on BSD4. Yes, that's BSD 4. The boss isn't one for updating stuff that is working and I for one can't really blame him.

    So, I assume that bind 8 is unaffected?

  14. Peter Kay

    Automatic update is not a good thing

    Automatic update of server software? *BAD* idea...

    It should work, but sometimes it doesn't, and there may be custom code or other reasons not to do so.

  15. Tony Hoyle

    Not on debian yet..

    Grr.. debian hasn't rolled out the update yet. They're normally fairly quick with this stuff.. especially as it's a distribution used commonly by servers.

  16. Anonymous Coward
    Linux

    re automatic updates and windows

    Windows first.

    The Windows DNS server caused me any amount of grief in the past, not because I was trying to maintain it but because some idiot who thought it was a good idea meant that I had to spend a lot of time trying to find ways around its egregious behaviour. I'll wait a couple of days for the next Windows vulnerability and then I'll start laughing again.

    Mind you, you wouldn't be laughing much if your upstream ISP/DNS provider didn't patch his systems. You're in a seriously small minority running the Windows DNS server.

    Automatic updates.

    I really don't know why you think automatic updates of the kind that the various major distros do. For a start, the update does not mess with configuration unless the configuration itself needs fixing and then you get to merge the new configuration with the old one.

    Or are you thinking of the kind of update that happens without any user intervention? The kind that no one actually uses? The ubuntu auto-update someone mentioned earlier tells you updates are available and lets you choose which ones you want. For my money (and the continued security of my servers) I'd choose the way that gives me the patch in a few hours with little or no work on my part.

    And don't get me started on Bind 8 on BSD 4 -- it may be working, but is it invulnerable to the known exploits of the last few years?

  17. Pyromancer
    Linux

    DNS issues

    The cache poisoning vulnerability is a function of how DNS itself works, as opposed to being anything specific to any particular package, and all servers are affected by it to a greater or lesser extent. At least DJBDNS has never had remote root or remote crash exploits. Some of us still remember the seemingly monthly updates needed with BIND some years back.

    "Do not fear the penguins, fear the black hats instead".

  18. Peter Kay

    @Bind 8

    Bind 8 has not been supported for years and is undoubtedly vulnerable to most of the recent security issues. Upgrade *NOW*.
