Subject: BIND9 is an effective "filter" on resolver overflow (fwd)
To: None <tech-security@netbsd.org>
From: Darren Reed <avalon@coombs.anu.edu.au>
List: tech-security
Date: 06/27/2002 10:22:51
Forwarded message:
> To: Brett Glass <brett@lariat.org>
> Cc: security@FreeBSD.ORG
> From: Mark.Andrews@isc.org
> Subject: Re: FreeBSD Security Advisory FreeBSD-SA-02:28.resolv 
> Date: Thu, 27 Jun 2002 10:12:08 +1000
> 
> 
> > Aaargh. This will affect not only more recent systems but
> > the older 3.x and embedded systems I maintain for people.
> > There's no patch for these, and in the case of the embedded
> > systems that use BSD I can't upgrade.
> > 
> > Any word on whether one can detect and block such attacks
> > upstream via an IDS or a proxy at the firewall?
> > 
> > --Brett Glass
> 
> 	Provided you are behind a nameserver you trust that reconstructs
> 	the answer you should be fine.
> 
> 	BIND 9 reconstructs all answers (excluding forwarded UPDATES).
> 	BIND 8 forwards some and reconstructs others.
> 
> 	Mark
> > 
> > At 01:08 PM 6/26/2002, FreeBSD Security Advisories wrote:
> >   
> > >-----BEGIN PGP SIGNED MESSAGE-----
> > >
> > >============================================================================
> > =
> > >FreeBSD-SA-02:28.resolv                                     Security Advisor
[...]