One thing is for sure, Microsoft is no innovator. Their DNS is a copy of
BIND with a graphic front end and a few registry enties. If the problem
exists in BIND you can be assured in exists in Microsoft's version as well
with one significant difference, the source code for BIND is available so it
can be checked for flaws and problems.
> -----Original Message-----
> From: Paul D. Robertson [SMTP:[EMAIL PROTECTED]]
> Sent: Thursday, May 06, 1999 4:40 PM
> To: Sloan, Scott
> Cc: Firewalls (E-mail)
> Subject: Re: Microsoft DNS
>
> On Thu, 6 May 1999, Sloan, Scott wrote:
>
> > Would I run into a risk running Microsoft's DNS caching service on a
> > Gauntlet NT firewall box? Would it be possible for someone to poison my
> > cache? If so, what's the best configuration?
>
> There was a report a couple weeks ago of the cache file being replaced on
> an NT DNS - I have no idea what the exploit vector was. Cache poisoning
> is always possible if the attacker can sniff a wire between you and
> anything else, I don't know if NT's DNS is any better or worse than the
> latest incantation of BIND. The NT port of BIND works well and has the
> same behaviour as the Unix version, so you may be better off using that
> to communicate with the rest of the planet. Binaries are available, see
> http://www.navigist.com/Reference/Guides/BIND/ for more information.
>
>
> Paul
> --------------------------------------------------------------------------
> ---
> Paul D. Robertson "My statements in this message are personal
> opinions
> [EMAIL PROTECTED] which may have no basis whatsoever in fact."
>
> PSB#9280
>
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
