From owner-freebsd-security Tue Nov 12 16:17:19 2002
Message-Id: <5.1.1.6.2.20021112180339.00a891d8@mail.go2france.com>
Date: Tue, 12 Nov 2002 18:16:50 -0600
From: Len Conrad
To: Freebsd-security@freebsd.org
Subject: Re: ISS Security Advisory: Multiple Remote Vulnerabilities in BIND4 and BIND8 (fwd)]
In-Reply-To: <07fe01c28aa7$5bdeba10$0d11000a@wscarewm>
References: <20021112172820.GV96637@techometer.net> <07dc01c28aa4$fdb51d50$0d11000a@wscarewm> <20021112234706.GB62028@hellblazer.nectar.cc>
X-Mailer: QUALCOMM Windows Eudora Version 5.1.1

>At least limiting it prevents someone setting up an authoritative server,
>then making a query to that domain off your name server.

In the Men and Mice DNS Security course, we call this "triggered poisoning".

With BIND8, limiting/disabling recursion and disabling glue-fetching will keep you pretty secure from cache poisoning, and from this particular vulnerability.

The attacker could send you email that bounced, causing your MX to query his DNS to send the bounce msg, but your MX wouldn't be querying his tricked-up DNS for SIG records. SIG records are for DNSSEC signed zones and signed records. How many BIND8 zones even have SIG records to respond with?

Len
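As an added illustration of the two settings Len names (this fragment is not from his post, the list, or ISC's documentation), here is how they look in a BIND 8 named.conf. The directory path and the network addresses are assumed placeholders; `recursion`, `fetch-glue` and `allow-recursion` are real BIND 8 option names (`fetch-glue` was dropped in BIND 9).

```conf
// Added example, not from the original post: BIND 8 named.conf fragments.
//
// Weak ("open") configuration. Any client may make this server recurse,
// and named fetches missing glue from outside servers on its own, so a
// query it is tricked into sending can pull attacker-controlled records
// into the cache.
//
// options {
//     directory "/etc/namedb";   // assumed path
//     recursion yes;
//     fetch-glue yes;
// };

// Hardened configuration for a server that only needs to answer for its
// own zones: no recursion at all, and no glue fetching.
options {
    directory "/etc/namedb";      // assumed path
    recursion no;                 // never chase answers on a client's behalf
    fetch-glue no;                // BIND 8: do not fetch glue from other servers
};

// If the same host must also resolve for your MX, keep recursion but
// limit it to your own networks (addresses are constructed placeholders),
// and still leave glue fetching off:
//
// options {
//     directory "/etc/namedb";
//     allow-recursion { 127.0.0.1; 192.0.2.0/24; };
//     fetch-glue no;
// };
```

After reloading named, check the result from a host outside your networks: a `dig @your-server some-name-you-are-not-authoritative-for` should come back either refused or as a referral without the `ra` (recursion available) flag in the response header. If `ra` is still set for outside clients, recursion is not actually limited.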