Kenneth Porter wrote:
> Slashdot carried this story yesterday on a BIND vulnerability:
>
> <http://it.slashdot.org/story/09/07/29/0028231/New-DoS-Vulnerability-In-All-Versions-of-BIND-9>
>

According to a commenter, this should provide a temporary countermeasure:

iptables -A INPUT -p udp --dport 53 -j DROP -m u32 --u32 '30>>27&0xF=5'

Haven't tested it, would like to know the results...

Glenn

> The upstream report:
>
> <https://www.isc.org/node/474>
>
> Red Hat's Bugzilla:
>
> <https://bugzilla.redhat.com/show_bug.cgi?id=514292>
>
> From what I'm reading, if one has an Internet-facing master for a zone, one
> is vulnerable, even if dynamic DNS isn't being used.
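What the u32 expression in the rule above tests, as an added example that is not part of the original thread: it reads the 32-bit word at byte 30 of the IP packet and compares the DNS opcode bits to 5 (UPDATE, the dynamic-update opcode). The packets are constructed samples with documentation addresses; the helper names are hypothetical, and the fixed offset 30 assumes a 20-byte IPv4 header with no options, which the last case illustrates.

```python
import struct

def ipv4_udp_dns(opcode, ip_options=b""):
    """Build a constructed IPv4/UDP packet carrying a bare 12-byte DNS header."""
    flags = (opcode & 0xF) << 11      # QR=0, opcode in bits 14..11 of the flags word
    dns = struct.pack("!HHHHHH", 0x1234, flags, 1, 0, 0, 0)
    udp = struct.pack("!HHHH", 40000, 53, 8 + len(dns), 0)
    ihl = 5 + len(ip_options) // 4    # header length in 32-bit words
    total = ihl * 4 + len(udp) + len(dns)
    ip = struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0, total, 0, 0, 64, 17, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 53]))
    return ip + ip_options + udp + dns

def u32_rule_matches(packet):
    """Evaluate '30>>27&0xF=5': word at byte 30, shift right 27, mask 0xF, equals 5."""
    if len(packet) < 34:              # the four bytes at 30..33 must exist
        return False
    word = struct.unpack_from("!I", packet, 30)[0]
    return ((word >> 27) & 0xF) == 5

def dns_opcode(packet):
    """Opcode located by honouring the actual IP header length (IHL)."""
    ihl = (packet[0] & 0xF) * 4
    flags = struct.unpack_from("!H", packet, ihl + 8 + 2)[0]
    return (flags >> 11) & 0xF

if __name__ == "__main__":
    cases = [
        ("QUERY, no IP options", ipv4_udp_dns(0)),
        ("UPDATE, no IP options", ipv4_udp_dns(5)),
        # Four bytes of IP options (NOPs) shift the DNS header past offset 30.
        ("UPDATE, 4 bytes of IP options", ipv4_udp_dns(5, b"\x01" * 4)),
    ]
    for label, pkt in cases:
        print(f"{label}: opcode={dns_opcode(pkt)} rule_matches={u32_rule_matches(pkt)}")
```

The rule is also limited to UDP (`-p udp`), so DNS messages arriving over TCP port 53 are outside what it inspects.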