Network Attacks Via DNS

Become a fan of Slashdot on Facebook

This discussion has been archived. No new comments can be posted.

Network Attacks Via DNS

Load All Comments

Search 147 Comments Log In/Create an Account

Comments Filter:

90% of the internet is valnerable ... (Score:4, Interesting)

by after ( 669640 ) writes:

to somthing called DNS poison [google.com]. Why? Because system administrators are anal and fail to realize that software like BIND is not written to be secure. Hell, DNS was not even designed for such a large internet. The original DNS implementors were bad programmers and designers.

BIND9... don't get your hopes up. The BIND company sells paches for their software. Meaning that if you don't pay them money then you're going to be running an errornouse DNS server.

Still most people use BIND for two reasons: no one wants
- Re:90% of the internet is valnerable ... (Score:3, Interesting)
  
  by Anonymous Coward writes:
  
  ufortunately, djbdns is not open-source. Until a true open source alternative to BIND appears, we're stuck with it.
  - Re:90% of the internet is valnerable ... (Score:4, Informative)
    
    by shepd ( 155729 ) writes:
    
    >ufortunately, djbdns is not open-source.
    
    Incorrect, it is open source.
    
    It isn't GPL.
    
    There's a big difference.
    
    >Until a true open source alternative to BIND appears, we're stuck with it.
    
    By "true alternative" do you mean it has to be GPLable?
    
    Get real. djbdns' source is 100% available for you to look at and patch to your hearts content. If you find an error, send a fix to DJB and he'll add it after review. He'll even give you $500 [cr.yp.to] as a reward for your hard work. Find me a GPL program that makes a
    - Re:90% of the internet is valnerable ... (Score:2)
      
      by Zeinfeld ( 263942 ) writes:
      
      >ufortunately, djbdns is not open-source.
      Incorrect, it is open source. It isn't GPL. There's a big difference.
      The point being made is that djbdns is not open in some pretty important ways, like allowing other people to extend it for example.
      Bernstein is a total control freak, he demands that people install and use his code in very specific ways...
      - Re:90% of the internet is valnerable ... (Score:2)
        
        by idiotnot ( 302133 ) writes: <sean@757.org> on Sunday August 01, 2004 @10:43AM (#9857636) Homepage Journal
        
        Incorrect, it is open source. It isn't GPL. There's a big difference.
        
        Yes, but the trolls [trollse.cx] have redubbed anything to which you can read the code "Open Source." It confuses the argument, but it makes PHB's feel better about using software not developed by a money-grubbing company (the kind they were taught to like while they were earning their MBAs).
        
        DJB's software is Open Source. It is free-as-in-beer, not free-as-in-speech, perhaps. That said, just because something is Free Software does not make it superior, or secure. Freshmeat is kind of a misnomer -- there are lots of maggot-infested GPL'd programs out there. DJBDNS I don't use, mainly because I don't like it. But judging by the security record of qmail, and the attention he pays to his coding (although some of it, while increasing security, is just plain wrong....i.e. tcpserver's command-line resource limits), DJBDNS is probably very secure.
        
        BIND's record is as bad as Sendmail's. MS's DNS, itself, isn't bad, but Win2xxx is. You can do some things to make BIND more secure like chroot and BSD jails, but it's still not totally fool-proof. The article has some suggestions as to how you'd make the network more secure here, and they don't look very difficult. I will be writing rules for just this when I go to work later.
        
        Parent Share
        twitter facebook
        
        Wrong (Score:2)
        
        by warrax_666 ( 144623 ) writes:
        
        DJB's software is most definitely NOT Open Source. It violates point 4 of the definition here [opensource.org], which states:
        
        [...] The license must explicitly permit distribution of software built from modified source code.[...]
        
        The DJB license does not do that (and even prevents modified source distribution). End of story.
        
        Re:Wrong (Score:2)
        
        by idiotnot ( 302133 ) writes:
        
        You miss my point -- the whole "Open Source" movement clouds the definitions. OSI embraced the original APSL, which in many ways was more restrictive than the DJB licenses.
        
        There are many things that are open source and not free. DJB's stuff. Quite a bit of UW mail software, etc. etc. You can't distribute a patched version of pine, either, without UW's permission.
        
        OSI obfuscates these issue because the trolls don't get along with RMS.
        
        “Open Source” and “Free Software (Score:2)
        
        by Pan T. Hose ( 707794 ) writes:
        
        You miss my point -- the whole "Open Source" movement clouds the definitions. OSI embraced the original APSL, which in many ways was more restrictive than the DJB licenses. There are many things that are open source and not free. DJB's stuff. Quite a bit of UW mail software, etc. etc. You can't distribute a patched version of pine, either, without UW's permission. OSI obfuscates these issue because the trolls don't get along with RMS.
        
        Actually, the definition of "open source" used by OSI (launched
        
        Re:90% of the internet is valnerable ... (Score:2)
        
        by strobert ( 79836 ) writes:
        
        the parent post that started this all was quick frankly trolling. bind9 was a complete rewrite from the ground up. I don't recall the last time I had an exploit in bind9. I have had multiple openssl and openssh vulnerabilities in the past year however.
        
        So as I have told many people, every network app is going to have its issues. Some have more than others, but with proper patch management (and despite the original posters claim, you don't have to pay for BIND patches) you can keep your network secure.
        
        A

There may be more comments in this discussion. Without JavaScript enabled, you might want to turn on Classic Discussion System in your preferences instead.

Network Attacks Via DNS More Login

Network Attacks Via DNS

90% of the internet is valnerable ... (Score:4, Interesting)

Re:90% of the internet is valnerable ... (Score:3, Interesting)

Re:90% of the internet is valnerable ... (Score:4, Informative)

Re:90% of the internet is valnerable ... (Score:2)

Re:90% of the internet is valnerable ... (Score:2)

Wrong (Score:2)

Re:Wrong (Score:2)

“Open Source” and “Free Software (Score:2)

Re:90% of the internet is valnerable ... (Score:2)