Debian: New PowerDNS packages reduce DNS spoofing risk

Tags

debian, packages, security

Special Forums Cybersecurity Security Advisories (RSS) Debian: New PowerDNS packages reduce DNS spoofing risk

08-11-2008

Registered User

26,240, 27

Join Date: Sep 2000

Last Activity: 1 August 2008, 3:09 PM EDT

Posts: 26,240

Thanks Given: 0

Thanked 27 Times in 26 Posts

Debian: New PowerDNS packages reduce DNS spoofing risk

LinuxSecurity.com: Brian Dowling discovered that the PowerDNS authoritative name server does not respond to DNS queries which contain certain characters, increasing the risk of successful DNS spoofing (CVE-2008-3337). This update changes PowerDNS to respond with SERVFAIL responses instead.

More...

Linux Bot

View Public Profile for Linux Bot

Find all posts by Linux Bot

Previous Thread | Next Thread

1 More Discussions You Might Find Interesting

1. Cybersecurity

Help Make a spoofing DNS using pcap library

Hello all, i need your quick help. I have assignment project class to make a program using pcap library to spoofing DNS in linux environment. Can anyone help me, because i'm newbie in network security and in C?:confused: Regards, ptrfw

LEARN ABOUT MOJAVE

mail::dkim::dns5.18

Mail::DKIM::DNS(3)					User Contributed Perl Documentation					Mail::DKIM::DNS(3)

NAME

       Mail::DKIM::DNS - performs DNS queries for Mail::DKIM

DESCRIPTION

       This is the module that performs DNS queries for Mail::DKIM.

CONFIGURATION

       This module has a couple configuration settings that the caller may want to use to customize the behavior of this module.

   $Mail::DKIM::DNS::TIMEOUT
       This global variable specifies the maximum amount of time (in seconds) to wait for a single DNS query to complete. The default is 10.

   Mail::DKIM::DNS::resolver()
       Use this global subroutine to get or replace the instance of Net::DNS::Resolver that Mail::DKIM uses. If set to undef (the default), then a
       brand new default instance of Net::DNS::Resolver will be created the first time a DNS query is needed.

       You will call this subroutine if you want to specify non-default options to Net::DNS::Resolver, such as different timeouts, or to enable
       use of a persistent socket. For example:

	 # first, construct a custom DNS resolver
	 my $res = Net::DNS::Resolver->new(
			   udp_timeout => 3, tcp_timeout => 3, retry => 2,
			);
	 $res->udppacketsize(1240);
	 $res->persistent_udp(1);

	 # then, tell Mail::DKIM to use this resolver
	 Mail::DKIM::DNS::resolver($res);

   Mail::DKIM::DNS::enable_EDNS0()
       This is a convenience subroutine that will construct an appropriate DNS resolver that uses EDNS0 (Extension mechanisms for DNS) to support
       large DNS replies, and configure Mail::DKIM to use it. (As such, it should NOT be used in conjunction with the resolver() subroutine
       described above.)

	 Mail::DKIM::DNS::enable_EDNS0();

       Use of EDNS0 is recommended, since it reduces the need for falling back to TCP when dealing with large DNS packets. However, it is not
       enabled by default because some Internet firewalls which do deep inspection of packets are not able to process EDNS0-enabled packets. When
       there is a firewall on a path to a DNS resolver, the EDNS0 feature should be specifically tested before enabling.

AUTHOR

       Jason Long, <jlong@messiah.edu>

COPYRIGHT AND LICENSE

       Copyright (C) 2006-2007, 2012-2013 by Messiah College

       This library is free software; you can redistribute it and/or modify it under the same terms as Perl itself, either Perl version 5.8.6 or,
       at your option, any later version of Perl 5 you may have available.

perl v5.18.2							    2013-02-07							Mail::DKIM::DNS(3)

Security Advisories (RSS)