Serious vulnerability discovered in the DNS protocol

Meesterlijk

http://www.sidn.nl/ace.php/c,728,5906,,,,Serious_vulnerability_discovered_in_the_DNS_protocol.html

SIDN is responsible for the functional stability and development of the .nl Internet domain, as well as registering and allocating .nl domain names.

Below is a quote from the URL above.

Serious vulnerability discovered in the DNS protocol

11/07/2008


SIDN advises patching DNS software

On 8 July 2008, various DNS software suppliers made a joint, coordinated announcement regarding a serious vulnerability in the DNS protocol. At the same time, software patches were made available for various DNS products. SIDN advises all DNS Service Providers (hosting service providers, ISPs and registrars) to take serious note of this announcement and to patch their DNS software at the earliest opportunity.

Patches
Almost all software publishers have included the necessary patches in their general update programmes. In most cases, therefore, the updates can be rolled out in the usual way. However, it should be noted that the rollout could have implications for firewall settings in some cases. We therefore advise consulting the information made available by the software supplier if you are in any doubt.

DNS
The DNS (Domain Name System) translates easily remembered domain names into the corresponding IP addresses. The detected vulnerability could be put to malicious use to direct people to incorrect websites.

Further information
The vulnerability is in the DNS protocol, rather than any particular DNS software product. It affects only ‘recursive’ DNS servers, also known as ‘caching resolvers’. On 6 August, security expert Dan Kaminsky will publish further details of this vulnerability. Once the information becomes public, it is liable to be put to malicious use, if this has not happened already.

For further technical details, see http://www.kb.cert.org/vuls/id/800113, where extensive information about the various DNS software suppliers is also available.

A tool for testing the vulnerability of your systems is available at www.doxpara.com.
It affects only ‘recursive’ DNS servers, also known as ‘caching resolvers’.

:)
 
And we all know we shouldn't be using our DNS servers as recursive servers, don't we :).

Those of us who do should probably switch to using separate recursive servers; they're usually provided by your upstream provider.

To make the switch simply add the IP#s of at least two separate recursive servers to your /etc/resolv.conf file, and remove any IP#s which reference your own server.

It's not necessary to restart anything.

Be sure to test.

Jeff
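The resolv.conf check Jeff describes, written up as an added example that is not from the original thread: it parses the file, flags nameserver entries that point back at the host itself (loopback, or one of the host's own addresses, which is an assumed set here), and requires at least two separate resolvers. The two sample file contents are constructed for the example.

```python
import ipaddress

# Constructed resolv.conf contents (not from the thread). The first one
# still sends queries to this host's own resolver via loopback and its
# own address; the second uses two separate upstream recursive servers.
SAMPLE_BEFORE = """\
search example.net
nameserver 127.0.0.1
nameserver 192.0.2.10   # this host's own address
options timeout:2
"""

SAMPLE_AFTER = """\
search example.net
nameserver 198.51.100.53
nameserver 203.0.113.53
options timeout:2
"""

# Assumed set of addresses bound on this host; on a real system build it
# from the output of `ip addr` or `ifconfig` before running the check.
OWN_ADDRESSES = {"192.0.2.10"}

def parse_nameservers(text):
    """Return the nameserver addresses listed in resolv.conf text, in order."""
    servers = []
    for raw in text.splitlines():
        # resolv.conf treats '#' and ';' as comment introducers
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            servers.append(parts[1])
    return servers

def check_resolv_conf(text, own_addresses):
    """Return a list of problems: too few resolvers, loopback entries,
    entries that are this host's own address, or unparseable entries."""
    problems = []
    servers = parse_nameservers(text)
    if len(servers) < 2:
        problems.append("fewer than two nameservers configured")
    for addr in servers:
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            problems.append("unparseable nameserver entry: " + addr)
            continue
        if ip.is_loopback:
            problems.append("loopback nameserver (this host): " + addr)
        elif addr in own_addresses:
            problems.append("nameserver is this host's own address: " + addr)
    return problems

if __name__ == "__main__":
    for label, text in (("before", SAMPLE_BEFORE), ("after", SAMPLE_AFTER)):
        print(label, check_resolv_conf(text, OWN_ADDRESSES) or "OK")
```

Read the real file with `open("/etc/resolv.conf").read()` in place of the samples; an empty result means the host no longer answers its own recursive queries.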
 