Now blogging at diego's weblog. See you over there!

plugging the dns recursion hole

Via this Slashdot article I was reminded about a vulnerability in DNS configs that allow recursion and therefore let the server act as an open relay that could be used in a DDoS attack. I verified my DNS using DNS Report and this matched what I saw in my config files -- my DNS server was open. Rogers had a post last week on the topic which outlined the steps he took and served as a quick guide, and along with this page of the BIND9 manual I had the whole plugged in a few minutes, confirmed by the DNS Report tool. Phew!

Categories: soft.dev, technology
Posted by diego on March 19, 2006 at 11:47 AM

Copyright © Diego Doval 2002-2011.