[CentOS] BIND vulnerability
Ray Van Dolson
rayvd at bludgeon.org
Wed Jul 29 19:19:39 UTC 2009
On Wed, Jul 29, 2009 at 02:10:56PM -0500, Chris Boyd wrote:
>
> On Jul 29, 2009, at 11:21 AM, Karanbir Singh wrote:
>
> > yes, which is one of many reasons why a zone masters is usually
> > setup to
> > not be publicly available.
>
>
> The localhost 127.0.0.1 zone can also be used as an attack vector
> according to the folks on the DNS Ops list, so it's looking like
> pretty much every bind installation will need to be updated.
>
> --Chris
Do you have a link to a mailing lists post describing this? Would like
to pass it along...
Ray
More information about the CentOS
mailing list