[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: BIND 9 Patch

Subject: Re: BIND 9 Patch
From: Dan Shoop <email@hidden>
Date: Wed, 29 Jul 2009 16:01:32 -0400
Delivered-to: email@hidden
Delivered-to: email@hidden


On Jul 29, 2009, at 8:44 AM, Jaime Magiera wrote:

https://www.isc.org/node/479

First, note that Apple is listed as "unknown" as to whether this impacts OS X or not. I suspect it may, but...

Why on earth would one permit this traffic through their firewall to their DNS servers? You should be filtering nsupdate messages from all but trusted hosts.

DNS is very fragile. This is well known. If you're not securing your DNS servers then you're going to get burned by any one of a number of issues with DNS in general. It's also another reason why most sites shouldn't be running their own DNS. Heck, even MSFT doesn't, you think Ma & Pa InternetSite should? (Rhetorical question.)

-d

------------------------------------------------------------------------
Dan Shoop
Computer Scientist
email@hidden

GoogleVoice: 1-646-402-5293

aim: iWiring
twitter: @colonelmode

_______________________________________________
Do not post admin requests to the list. They will be ignored.
Macos-x-server mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:
http://lists.apple.com/mailman/options/macos-x-server/email@hidden

This email sent to email@hidden

Follow-Ups:
- Re: BIND 9 Patch
  - From: Jaime Magiera <email@hidden>

References:
	>BIND 9 Patch (From: Jaime Magiera <email@hidden>)

Prev by Date: Re: Survey: XServe mail or other
Next by Date: Re: Survey: XServe mail or other
Previous by thread: BIND 9 Patch
Next by thread: Re: BIND 9 Patch
Index(es):
- Date
- Thread

Home