PowerDNS vulnerabilities - dns-wg - mailman.ripe.net

newer
New on RIPE Labs: DNS TTL...

PowerDNS vulnerabilities

older
FOSDEM 2018 DNS devroom Call for...

Jim Reid

28 Nov 2017 28 Nov '17

12:46 p.m.

A bunch of vulnerabilities have been found in the Authoritative and Recursor servers. Here’s the list of security advisories: http://seclists.org/oss-sec/2017/q4/329 I’m surprised this hasn’t been mentioned on these lists yet.

Show replies by date

Job Snijders

28 Nov 28 Nov

12:51 p.m.

On Tue, Nov 28, 2017 at 11:46:18AM +0000, Jim Reid wrote:

I’m surprised this hasn’t been mentioned on these lists yet.

I hope most people track security bulletins through other distribution channels than dns-wg@ripe.net. Most DNS vendors have dedicated 'announce' mailing lists for this type of information. The advantage is that you can subscribe to what is relevant to your operations, and you get to hear it from the horses mouth. Kind regards, Job

Jim Reid

1:26 p.m.

On 28 Nov 2017, at 11:51, Job Snijders <job@ntt.net> wrote:

I hope most people track security bulletins through other distribution channels than dns-wg@ripe.net.

I would hope so too Job. However using these sorts of lists to get an even wider distribution wouldn’t hurt. YMMV. There are probably quite a few people like me who aren’t on vendor-specific lists but would like to be informed about recent vulnerabilities/upgrades in commonly used DNS software.

Stephane Bortzmeyer

1:34 p.m.

On Tue, Nov 28, 2017 at 12:26:25PM +0000, Jim Reid <jim@rfc1035.com> wrote a message of 15 lines which said:

However using these sorts of lists to get an even wider distribution wouldn’t hurt. YMMV.

Note that there was an article in the Internet tabloid: http://www.theregister.co.uk/2017/11/28/powerdns_dnssec_bugs/ The "explanations" mix up DNS with BGP! "for example, if a network is tricked into advertising itself as the whole of the Internet, it can be hosed, or if the wrong network promises it's the best way to reach YouTube, then YouTube is blackholed." All this with PowerDNS :-)

Jim Reid

1:41 p.m.

New subject: reporting in The Register

On 28 Nov 2017, at 12:34, Stephane Bortzmeyer <bortzmeyer@nic.fr> wrote:

Note that there was an article in the Internet tabloid:

http://www.theregister.co.uk/2017/11/28/powerdns_dnssec_bugs/

The "explanations" mix up DNS with BGP! "for example, if a network is tricked into advertising itself as the whole of the Internet, it can be hosed, or if the wrong network promises it's the best way to reach YouTube, then YouTube is blackholed." All this with PowerDNS :-)

Well if it’s in The Register it has to be true, right? :-)

2539

Age (days ago)

2539

Last active (days ago)

Download

4 comments

3 participants

tags

participants (3)

Jim Reid
Job Snijders
Stephane Bortzmeyer