Hi! > What I take from this mitigation statement--Use a trustworthy DNS > resolver which is able to validate the data according to the DNS record > types--is that if our DNS service is solid, we are not vulnerable. Is this > accurate, or am I oversimplifying things? The mitigation statement from ZDI > was much more ominous, but I'm still parsing "network-adjacent attackers".
As far as I know, there was not enough info in the ZDI report to really have a reproducible test case. So we're all a little bit in the dark. See https://lists.isc.org/pipermail/bind-users/2023-October/107997.html and follow-ups for a few comments on the topic for bind. -- p...@opsec.eu +49 171 3101372 Now what ? -- ## subscription configuration (requires account): ## https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/ ## unsubscribe (doesn't require an account): ## exim-users-unsubscr...@lists.exim.org ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://wiki.exim.org/
