A bunch of vulnerabilities have been found in the Authoritative and Recursor
servers. Here’s the list of security advisories:
http://seclists.org/oss-sec/2017/q4/329
I’m surprised this hasn’t been mentioned on these lists yet.
On Tue, Nov 28, 2017 at 11:46:18AM +, Jim Reid wrote:
> I’m surprised this hasn’t been mentioned on these lists yet.
I hope most people track security bulletins through other distribution
channels than dns-wg@ripe.net. Most DNS vendors have dedicated
'announce' mailing lists for this type of i
> On 28 Nov 2017, at 11:51, Job Snijders wrote:
>
> I hope most people track security bulletins through other distribution
> channels than dns-wg@ripe.net.
I would hope so too Job.
However using these sorts of lists to get an even wider distribution wouldn’t
hurt. YMMV.
There are probably q
On Tue, Nov 28, 2017 at 12:26:25PM +,
Jim Reid wrote
a message of 15 lines which said:
> However using these sorts of lists to get an even wider distribution
> wouldn’t hurt. YMMV.
Note that there was an article in the Internet tabloid:
http://www.theregister.co.uk/2017/11/28/powerdns_dn
> On 28 Nov 2017, at 12:34, Stephane Bortzmeyer wrote:
>
> Note that there was an article in the Internet tabloid:
>
> http://www.theregister.co.uk/2017/11/28/powerdns_dnssec_bugs/
>
> The "explanations" mix up DNS with BGP! "for example, if a network is
> tricked into advertising itself as th
