[CentOS] BIND vulnerability

Wed Jul 29 19:19:39 UTC 2009
Ray Van Dolson <rayvd at bludgeon.org>

On Wed, Jul 29, 2009 at 02:10:56PM -0500, Chris Boyd wrote:
> 
> On Jul 29, 2009, at 11:21 AM, Karanbir Singh wrote:
> 
> > yes, which is one of many reasons why a zone masters is usually  
> > setup to
> > not be publicly available.
> 
> 
> The localhost 127.0.0.1 zone can also be used as an attack vector  
> according to the folks on the DNS Ops list, so it's looking like  
> pretty much every bind installation will need to be updated.
> 
> --Chris

Do you have a link to a mailing lists post describing this?  Would like
to pass it along...

Ray