> > I think I do; he's an ISP, and apparently someone inside his address block (the CIDR notation /19; his actual block is publicly found by doing a quick nslookup of his domain name, noting the IP address of the DNS server(s) listed, and then a whois of the IP address of the DNS server(s). His /19 shows up) has hacked in some way the zone file(s) or the cache for his nameserver so that his customers, who would ordinarily use his DNS server as their recursive resolver, now see www.yahoo.com (among who knows what others) as pointing to a different address, the one inside his /19 (which I hope he has tracked and duly removed in grand Texas style), for the purpose of phishing.
> >
> > Now whether this was done by actually hacking into his DNS server or by a cache poisoning attack or what, I don't know since those details Larry hasn't made public. And that's ok.

That's what I assumed; however, given the vagueness, I wasn't sure.

At this time I'm unaware of any attacks on Bind within current CentOS 5 if it is a properly configured system (selinux enabled, bind chroot, iptables in place, etc.) that would allow someone to mess with his zone files or other parts of bind.

As such, if there is such a critical vulnerability it would be nice to get details.... especially how he is so intent on blaming Redhat and Bind.... on the other hand, if he has misconfigured systems it's his own fault and he should stop blaming Redhat/CentOS.

If he is willing to discuss the details, great! If he is not, I would strongly suggest he stop spamming the mailing lists with nonsense.

James