Date:  Mon, 03 Nov 2008 11:22:26 -0500
From:  Brian Rahill <brian (at mark) rainstormconsulting.com>
Subject:  [coba-e:14253] Cache snooping attacks, bind
To:  coba-e (at mark) bluequartz.org
Message-Id:  <490F2542.3040509 (at mark) rainstormconsulting.com>
X-Mail-Count: 14253

Hi All,

We were recently audited as part of PCI compliance by an external vendor and were notified that our DNS server is vulnerable to cache snooping attacks.

We are running BIND 9.2.4 and as far as I can tell, there is no reasonable workaround to prevent this unless it's upgraded to BIND 9.4.1-P1.

So,
1. Is it possible to upgrade to BIND 9.4.1-P1 and still use the GUI to administer DNS?
2. Does anyone know of another workaround using the existing BIND?

Thanks for any help you can provide.

Brian