Jul 28

How To Patch BIND9 Against DNS Cache Poisoning On Debian Etch

This article explains how you can fix a BIND9 nameserver on a Debian Etch system so that it is not vulnerable anymore to DNS cache poisoning.

Jul 27

BIND 9 Vulnerability And Solution – Patch BIND To Avoid Cache Poisoning (Fedora/CentOS)

I am pretty sure most of you guys have heard about the vulnerability in BIND. Dan Kaminsky earlier this month announced a massive, multi-vendor issue with DNS that could allow attackers to compromise any name server – clients, too. I thought I would share with you all one of the quickest solutions systems administrators running BIND 9 can use to help solve this vulnerability in case their systems are vulnerable.

Jul 27

Perfect DjbDNS Setup On Ubuntu Server 8.04 (amd64) Hardy

DjbDNS is a collection of Domain Name System tools. It includes software for all the fundamental DNS operations. This tutorial shows how to set it up on an Ubuntu 8.04 AMD64 server.

Jul 27

Emanuele Gentili: Security: BIND9 exploit is out. please check your DNS!

I am pleased (?) to announce that BIND9 exploit is out (CVE-2008-1447).

This exploit targets a fairly ubiquitous flaw in DNS implementations which allows the insertion of malicious DNS records into the cache of the target nameserver.
This exploit caches a single malicious host entry into the target nameserver.
By causing the target nameserver to query for random hostnames at the target domain, the attacker can spoof a response to the target server including an answer for the query, an authority server record, and an additional record for that server, causing the target nameserver to insert the additional record into the cache.

This issue was fixed in Ubuntu via USN-622-1 but more ISPs are now vulnerable.

What to do?
First of all, check your DNS on www.doxpara.com (right menu).
If your DNS is vulnerable, I suggest switching to Open DNS to fix this security issue.

emgent@amnistia:~$ sudo su root
[sudo] password for emgent:
root@amnistia:/home/emgent# echo "nameserver 208.67.222.222" > /etc/resolv.conf
root@amnistia:/home/emgent# echo "nameserver 208.67.220.220" >> /etc/resolv.conf
root@amnistia:/home/emgent# exit
exit
emgent@amnistia:~$

Background on #ubuntu-quality:
[SNIP]
(04:36) ( emgent) hello
(04:37) ( LaserJock) hi emgent
(04:37) ( emgent) I’m plased to announce that BIND9 exploit is now public.
(04:37) ( emgent) s/plased/pleased/
(04:38) ( persia) Is the solution also public, and distributed?
(04:38) ( emgent) sure. fixed some week ago in ubuntu.
(04:38)  * LaserJock wonders if he should clap or not
(04:39) ( emgent) but more ISP are vulnerale now..
(04:40) ( emgent) persia: you can check your dns on http://www.doxpara.com/ (right menu)
(04:42) ( emgent) s/vulnerale/vulnerable/
(04:44) ( Hobbsee) oh good!  telstra isn’t.
(04:45) ( emgent) nice, Telecom Italia now is vuln.
(04:45) ( persia) NTT is vulnerable, but that is both unsurprising and unlikely to cause issues.
(04:45) ( emgent) I use Open DNS
(04:47) ( LaserJock) mine is vulnerable it says
(04:47) ( emgent) switch to open dns
(04:49) ( emgent) exploit was published some hours ago.. and there is a big problem.. now all people can hack vuln DNS and redirect google.com to sarcazzo.com for example.
(04:50) ( emgent) i go to write a post in planet.
(04:50) ( LaserJock) interesting
[SNIP]

happy defending! :-)
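
Added example, not part of the original post: the fixes for CVE-2008-1447 randomize the UDP source port of the resolver's outbound queries, so a resolver check comes down to looking at the ports its queries arrive from. The sketch below classifies a list of observed source ports; the sample lists are constructed, and the function name and thresholds are assumptions of this example.

```python
import math

TXID_BITS = 16  # the DNS transaction ID is a 16-bit field

# Constructed samples: UDP source ports of consecutive outbound queries from
# three hypothetical resolvers, as logged by a test zone's authoritative server.
SAMPLE_FIXED = [53] * 10
SAMPLE_SEQUENTIAL = list(range(32768, 32778))
SAMPLE_RANDOMIZED = [49312, 10233, 61877, 2051, 33790,
                     57004, 18422, 40963, 26655, 12001]


def assess_source_ports(ports, min_span=4096, max_step=16):
    """Classify a resolver's query source ports.

    min_span and max_step are thresholds assumed for this example.
    """
    if len(ports) < 5:
        raise ValueError("need at least 5 observed queries")
    # Forward distance between consecutive ports, allowing 16-bit wraparound.
    steps = [(b - a) % 65536 for a, b in zip(ports, ports[1:])]
    span = max(ports) - min(ports) + 1
    if len(set(ports)) == 1:
        verdict = "fixed"        # only the TXID protects the query
    elif max(steps) <= max_step:
        verdict = "sequential"   # counter-style allocation, e.g. a NAT rewriting ports
    elif span < min_span:
        verdict = "narrow"       # varies, but within a small port pool
    else:
        verdict = "randomized"
    # Rough count of bits a blind spoofer has to guess per forged response.
    port_bits = math.log2(span) if verdict in ("narrow", "randomized") else 0.0
    return {"verdict": verdict, "distinct_ports": len(set(ports)),
            "span": span, "guess_bits": round(TXID_BITS + port_bits, 1)}


if __name__ == "__main__":
    for name, sample in [("fixed", SAMPLE_FIXED),
                         ("sequential", SAMPLE_SEQUENTIAL),
                         ("randomized", SAMPLE_RANDOMIZED)]:
        print(name, assess_source_ports(sample))
```

A "sequential" verdict on a patched resolver usually points at a NAT or firewall in front of it rewriting the ports, so run the check from outside that device.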
