On 2016-02-17 23:43, Dominic Hargreaves wrote:
The answer here implies that just any resolver will not help you,
but that there is an unbound configuration that might:
https://lists.dns-oarc.net/pipermail/dns-operations/2016-February/014349.html
Yeah, I also followed some discussions on PowerDNS [1] and Bind [2]
mailing lists/blogs.
As it is still not quite clear yet, how this issue is exploitable, the
general consensus is
it might be possible that resolvers relay exploit content to clients.
So to be on the safe side, patching and rebooting or at least restarting
prominent services
is the way to got.
Cheers,
Tom.
[1]
http://blog.powerdns.com/2016/02/17/powerdns-cve-2015-7547-possible-mitigation/
[2] https://lists.isc.org/pipermail/bind-users/2016-February/096297.html
