And what if the cache of your upstream is a victim of this attack? :-) So, yes, internally you probably don't have much to fear (unless you have a malicious employee, or someone else has already come in via some other means and this is a second part of an attack). But you either need to refer back to root servers or upstream DNS servers for other zones, and it's possible that they might be compromised (well, probably not the root servers)
Cheers Ken > -----Original Message----- > From: Joe Heaton [mailto:[EMAIL PROTECTED] > Sent: Thursday, 10 July 2008 2:04 AM > To: NT System Admin Issues > Subject: RE: Major DNS protocol issue effecting most implementations of DNS > > So this is pointed more at public name servers, right? Not internal > DNS? I do our internal stuff, but forward everything else to our "ISP", > which is another state agency. > > Joe Heaton > > -----Original Message----- > From: Micheal Espinola Jr [mailto:[EMAIL PROTECTED] > Sent: Wednesday, July 09, 2008 8:33 AM > To: NT System Admin Issues > Subject: Re: Major DNS protocol issue effecting most implementations of > DNS > > This blog has a good overview and some relevant info in the comments > (a lot of bs in there too though): > > <http://securosis.com/2008/07/08/dan-kaminsky-discovers-fundamental-issu > e-in-dns-massive-multivendor-patch-released/> > > On Wed, Jul 9, 2008 at 11:23 AM, Micheal Espinola Jr > <[EMAIL PROTECTED]> wrote: > > Affected systems include both client and server systems [that > > implement DNS caching and stub resolution], and any other networked > > systems that include this functionality. > > > > * US-CERT (TA08-190B) Multiple DNS implementations vulnerable to cache > > poisoning - > > <http://www.us-cert.gov/cas/techalerts/TA08-190B.html> > > * Microsoft Security Bulletin MS08-037 - > > > <http://www.microsoft.com/technet/security/bulletin/ms08-037.mspx> > > > > -- > > ME2 > > > > ~ Upgrade to Next Generation Antispam/Antivirus with Ninja! ~ > > ~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm> ~ > > > > > > > -- > ME2 > > ~ Upgrade to Next Generation Antispam/Antivirus with Ninja! ~ > ~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm> ~ > > No virus found in this incoming message. > Checked by AVG. > Version: 8.0.101 / Virus Database: 270.4.6/1540 - Release Date: 7/8/2008 > 6:33 AM > > ~ Upgrade to Next Generation Antispam/Antivirus with Ninja! ~ > ~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm> ~ ~ Upgrade to Next Generation Antispam/Antivirus with Ninja! ~ ~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm> ~
