On Tue, Jul 28, 2015 at 07:06:16PM -0400, Ben Croswell wrote: > Is it safe to say the only vulnerable hosts would be those > accepting queries from the outside world, or would this also > pertain servers getting responses from the outside world with > no inbound queries?
I would ask where does the "outside world" begin? Many sites serve users with vulnerabilities. Have you ever had botnet traffic originating from your network? (I have, not fun.) Otherwise your premise is valid; the malicious query comes to your named via port 53 UDP or TCP, not as a reply from another server. But if you're thinking it's okay because you're going to deny the query, no! This happens before named gets to that point. Your nameserver must be closed to ALL potentially hostile queries. -- http://rob0.nodns4.us/ Offlist GMX mail is seen only if "/dev/rob0" is in the Subject: _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
