Mailing Lists: Apple Mailing Lists


Re: US-CERT Vulnerability Note VU#800113



On Tue, Jul 29, 2008 at 11:23 AM, Herman Adams <email@hidden> wrote:
> Question for the group.... After following the thread and doing reading from
> a number of sites, I have come to an understanding (right or wrong – please
> tell me), that if you are not doing recursive lookups, the cache cannot
> become poisoned, therefore there is minimal threat????  Is this correct /
> incorrect???
>
> On 7/24/08 2:00 PM, "Kat Lehman" <email@hidden> wrote:
>
> Hi Everyone,
>
> I know this has been discussed, but as a neophyte web admin, how do I patch
> for this? We have a 10.4.11 PPC server which is hosting our 3 sites and
> Apple hasn't come up with a security patch. Anyone have any ideas? The link
> goes to the vulnerability but I'm not sure where to go with this or how to
> fix it.
>
> http://www.kb.cert.org/vuls/id/800113
>
> Peace,
> Kat
>
>
>
>
>  _______________________________________________
> Do not post admin requests to the list. They will be ignored.
> Macos-x-server mailing list      (email@hidden)
> Help/Unsubscribe/Update your Subscription:
> http://lists.apple.com/mailman/options/macos-x-server/email@hidden
>
> This email sent to email@hidden
>

The consensus is: If your server provides recursion, patch it or
forward those lookups to OpenDNS (which has the bandwidth to do the
lookups for you, and has already patched against the exploit).

If it isn't doing recursion (is just providing authoritative records)
you should be OK, as the exploit requires the DNS server to be doing a
lookup so it can inject a poisoned DNS record.

-- 
Chris Barker
Purveyor of Fine Suggestions
angrydome.org
ACSA
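
The reply above turns on whether a server offers recursion. As an added example (not part of the original message), this Python code sends a query with the Recursion Desired bit set and reads the Recursion Available bit in the reply header; the function names, labels and sample reply headers are constructed for illustration.

```python
import socket
import struct

RD = 0x0100       # Recursion Desired, set by the client in the query
RA = 0x0080       # Recursion Available, set by the server in the reply
QR = 0x8000       # Marks a packet as a response
REFUSED = 5       # RCODE a server may return when it declines to recurse

def build_query(name, txid=0x1234):
    """Build a DNS A/IN query for `name` with the RD bit set."""
    header = struct.pack("!HHHHHH", txid, RD, 1, 0, 0, 0)
    qname = b"".join(bytes([len(p)]) + p.encode("ascii")
                     for p in name.rstrip(".").split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def classify_response(packet, txid=0x1234):
    """Return 'recursive', 'not-recursive' or 'invalid' from the header flags."""
    if len(packet) < 12:
        return "invalid"
    rid, flags = struct.unpack("!HH", packet[:4])
    if rid != txid or not flags & QR:   # wrong ID or not a response
        return "invalid"
    if flags & RA and (flags & 0x000F) != REFUSED:
        return "recursive"              # server will look names up for this client
    return "not-recursive"              # e.g. authoritative records only

def check_server(server, name="example.com", timeout=3.0):
    """Query your own server over UDP port 53 and classify the reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server, 53))
        return classify_response(s.recv(512))

# Constructed sample reply headers (not captured traffic):
SAMPLE_RECURSIVE = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)  # QR+RD+RA
SAMPLE_REFUSED = struct.pack("!HHHHHH", 0x1234, 0x8105, 1, 0, 0, 0)    # QR+RD, REFUSED

if __name__ == "__main__":
    print(classify_response(SAMPLE_RECURSIVE))
    print(classify_response(SAMPLE_REFUSED))
```

Call `check_server()` against your own server with a name it is not authoritative for, from a host outside your network, since recursion may be allowed for internal clients only.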

References: 
 >US-CERT Vulnerability Note VU#800113 (From: Kat Lehman <email@hidden>)
 >Re: US-CERT Vulnerability Note VU#800113 (From: Herman Adams <email@hidden>)


