A series of patches are being released after Dan Kaminsky announced a possible DNS poisoning technique. See

http://news.cnet.com/8301-10789_3-9985815-57.html
http://www.us-cert.gov/cas/techalerts/TA08-190B.html
http://tools.ietf.org/html/draft-ietf-dnsext-forgery-resilience

Courier users running a bind 9 (or equivalent) resolver should have no problems installing the relevant patch. The patch apparently consists in randomizing the UDP origin port number of the query.

Does Courier's rfc1035 implementation require a similar patch? Is it planned?

Note that the libc equivalent function hasn't yet been patched for, e.g., Debian systems; to quote Florian Weimer: "At this time, it is not possible to implement the recommended countermeasures in the GNU libc stub resolver."
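
Added example, not part of the original message and not Courier code: one way to check whether a resolver applies the countermeasure discussed above (a randomized UDP source port per query) is to classify the source ports seen on its outgoing queries, for instance from a packet capture on the resolver host. The port lists are constructed sample data, and the function name and thresholds are assumptions.

```python
from collections import Counter

# Constructed sample data: UDP source ports of successive outgoing DNS
# queries, as they might be read from a capture on the resolver host.
FIXED = [53] * 12
SEQUENTIAL = [32768 + i for i in range(12)]
SMALL_POOL = [1024, 5000] * 6
RANDOMIZED = [41873, 1291, 60214, 23377, 50012, 8841,
              35560, 17209, 64001, 29934, 4410, 55127]


def assess_source_ports(ports, min_samples=8):
    """Classify a resolver's observed query source ports.

    Returns 'insufficient', 'fixed', 'sequential', 'small_pool' or
    'randomized'. Only the last means the port adds unpredictability
    on top of the 16-bit DNS transaction ID.
    """
    if len(ports) < min_samples:
        return "insufficient"
    distinct = len(set(ports))
    if distinct == 1:
        return "fixed"
    # Differences between consecutive queries, taken modulo the port
    # space so a counter wrapping past 65535 still shows a constant step.
    deltas = [(b - a) % 65536 for a, b in zip(ports, ports[1:])]
    step, count = Counter(deltas).most_common(1)[0]
    # Assumed threshold: a small, non-zero step on 75% of queries means
    # the next port can be predicted from the last one.
    if step != 0 and step < 64 and count >= 0.75 * len(deltas):
        return "sequential"
    # Heavy reuse of a few ports is nearly as guessable as one port.
    if distinct <= len(ports) // 2:
        return "small_pool"
    return "randomized"


if __name__ == "__main__":
    for name, sample in [("fixed", FIXED), ("sequential", SEQUENTIAL),
                         ("small pool", SMALL_POOL),
                         ("randomized", RANDOMIZED)]:
        print(f"{name:11s} -> {assess_source_ports(sample)}")
```

A verdict other than "randomized" means the resolver in question still needs the source-port patch or should forward its queries to a patched resolver.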
