Package: bind
Version: 1:8.4.6-1
Severity: normal

Good day,

From CVE-2006-0987:
> The default configuration of ISC BIND, when configured as a caching
> name server, allows recursive queries and provides additional
> delegation information to arbitrary IP addresses, which allows remote
> attackers to cause a denial of service (traffic amplification) via
> DNS queries with spoofed source IP addresses.

References:
http://www.securityfocus.com/archive/1/archive/1/426368/100/0/threaded
http://dns.measurement-factory.com/surveys/sum1.html
http://www.us-cert.gov/reading_room/DNS-recursion121605.pdf

I've checked that the default install on Debian allows recursive queries,
but I'm not sure if this is really a problem or not.

The workaround I can see would be to listen only on loopback for
non-authoritative queries (as djbdns does) if we want to have a caching
server (with recursion).

But I'm far from being a DNS expert, so perhaps I've missed something...

Regards

-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.6.8-2-686
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)

Versions of packages bind depends on:
ii  libc6    2.3.2.ds1-22  GNU C Library: Shared libraries an
ii  netbase  4.21          Basic TCP/IP networking system

-- no debconf information
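
Added example, not part of the original report and not BIND or Debian code: a small Python check that classifies a named.conf by who may use recursion, covering the default the report describes and a restricted setup. The sample configurations and function names are constructed for illustration, only the global options block is examined, and an absent allow-recursion is assumed to leave recursion open to all clients.

```python
import re

# Constructed sample configurations (not taken from the Debian package).
OPEN_CONF = """
options {
    directory "/var/cache/bind";   // recursion left at its default
};
"""
RESTRICTED_CONF = """
options {
    /* only the local host may recurse */
    allow-recursion { 127.0.0.1; };
};
"""
NO_RECURSION_CONF = "options { recursion no; };"

def strip_comments(text):
    """Drop /* */, // and # comments (does not handle these inside quoted strings)."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#)[^\n]*", "", text)

def options_body(text):
    """Return the text inside the global options { ... } block, or ''."""
    m = re.search(r"\boptions\s*\{", text)
    if not m:
        return ""
    depth, start = 1, m.end()
    for i in range(start, len(text)):
        if text[i] == "{":
            depth += 1
        elif text[i] == "}":
            depth -= 1
            if depth == 0:
                return text[start:i]
    return text[start:]

def recursion_exposure(conf):
    """Classify who may recurse: 'disabled', 'restricted' or 'open'."""
    body = options_body(strip_comments(conf))
    if re.search(r"\brecursion\s+no\s*;", body):
        return "disabled"
    acl = re.search(r"\ballow-recursion\s*\{([^}]*)\}", body)
    if acl is None:
        return "open"  # assumption: no ACL means any client may recurse
    entries = [e.strip() for e in acl.group(1).split(";") if e.strip()]
    return "open" if "any" in entries else "restricted"
```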