nanog mailing list archives

Re: Exploits start against flaw that could hamstring huge swaths of Internet | Ars Technica

From: Mark Andrews <marka () isc org>
Date: Wed, 05 Aug 2015 02:39:18 +1000


In message <9C2ACA5A-755D-4FCF-8491-745A1F9111BA () puck nether net>, Jared Mauch writes:

I recommend using DNSDIST to balance traffic at a protocol level as you can h=
ave implementation diversity on the backside.=20

I can send an example config out later for people. You can balance to bind N=
SD and others all at the same time :-) just move your SPoF

Jared Mauch


Unless the same client hits the same server all the time this is a
bad idea.

Resolvers actually track capabilities of servers as it is the only
way to get answers due to firewalls dropping legitimate packet and
protocol misimplementations.  Add to that different vendors /
versions supporting different extensions randomly flipping between
vendors / versions is frought with danger unless you take extreme
care.

On Aug 4, 2015, at 10:03 AM, Jay Ashworth <jra () baylink com> wrote:

Everyone got BIND updated?

http://arstechnica.com/security/2015/08/exploits-start-against-flaw-that-c
ould-hamstring-huge-swaths-of-internet/

--
Sent from my Android phone with K-9 Mail. Please excuse my brevity.


-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka () isc org

Current thread:

Re: RES: Exploits start against flaw that could hamstring huge swaths of, (continued)
- - - Re: RES: Exploits start against flaw that could hamstring huge swaths of Randy Bush (Aug 04)
    - Re: RES: Exploits start against flaw that could hamstring huge swaths of Joel Maslak (Aug 04)
    - RES: RES: Exploits start against flaw that could hamstring huge swaths of Leonardo Oliveira Ortiz (Aug 06)
    - Re: RES: Exploits start against flaw that could hamstring huge swaths of Jay Ashworth (Aug 04)
    - Re: RES: Exploits start against flaw that could hamstring huge swaths Joe Greco (Aug 04)
    - Re: RES: Exploits start against flaw that could hamstring huge swaths Baldur Norddahl (Aug 04)
    - Re: RES: Exploits start against flaw that could hamstring huge swaths Christopher Morrow (Aug 04)
    - Re: RES: Exploits start against flaw that could hamstring huge swaths Baldur Norddahl (Aug 04)
    - Re: RES: Exploits start against flaw that could hamstring huge swaths of Valdis . Kletnieks (Aug 04)
- Re: Exploits start against flaw that could hamstring huge swaths of Internet | Ars Technica Jared Mauch (Aug 04)
  - Re: Exploits start against flaw that could hamstring huge swaths of Internet | Ars Technica Mark Andrews (Aug 04)
    - Re: Exploits start against flaw that could hamstring huge swaths of Internet | Ars Technica Damian Menscher via NANOG (Aug 04)
    - Re: Exploits start against flaw that could hamstring huge swaths of Internet | Ars Technica Jared Mauch (Aug 04)
  - Re: Exploits start against flaw that could hamstring huge swaths of Internet | Ars Technica Joe Abley (Aug 04)
    - Re: Exploits start against flaw that could hamstring huge swaths of Internet | Ars Technica Jared Mauch (Aug 04)
    - Re: Exploits start against flaw that could hamstring huge swaths of Internet | Ars Technica Randy Bush (Aug 04)
  - Re: Exploits start against flaw that could hamstring huge swaths of Internet | Ars Technica Jared Mauch (Aug 04)