"Ok, that was too easy. Much better than upgrading bind. Thanks!!!!"

Mike Hershberger
Armstrong World Industries
"Yes, we did patch already. What a fun thing these darn across the board vulnerabilities... Infoblox grid technology is amazing!"

Large Government Organization
DNS Security Center
Your 24/7 source for breaking news, resources and events related to DNS security developments

   DNS SECURITY FLASH - November 24 2009
 
CERT VULNERABILITY NOTE VU#418861: Cache Update from Additional Section

On November 24, 2009, a security vulnerability was announced that may allow cache poisoning on a recursive nameserver with DNSSEC validation enabled.

With this vulnerability, a DNSSEC-enabled nameserver may incorrectly add records to its cache from the additional section of responses received while resolving a recursive client query.

This behavior occurs only when the nameserver processes client queries that have checking disabled (CD) and, at the same time, request DNSSEC records (DO). It does not occur if the nameserver is authoritative-only.

NIOS is vulnerable to this attack in the scenarios described above. We have patched the following NIOS versions to protect against this vulnerability. Customers using DNSSEC must upgrade to one of the following releases (or greater) as all earlier versions are affected.
  • 4.3r4-6 (ETA: 11/25/09)
  • 4.3r5-6
  • 4.3r6-3

More information
CERT Advisory VU#418861: http://www.kb.cert.org/vuls/id/725188
 


DNS Security News
  

The best in news and blog coverage selected by Infoblox experts:

  • 80% of government Web sites miss DNS security deadline

  • DNSSEC Secures Another Domain – DarkReading

  • Website directory system is most vulnerable to attack – The Financial Times

  • ISC BIND 9 vulnerable to denial of service via dynamic update request – US-CERT

  • DNSSEC deployments gain momentum since Kaminsky DNS bug – Search Security

  • Kaminsky interview: DNSSEC addresses cross-organizational trust and security – Search Security

  • At long last, internet's root zone to be secured – The Register

  • Study: Operators should use DNSSEC to improve security – Network World

  • Another Attack, Another Reason for the Urgency of DNSSEC Adoption – CircleID

  • Puerto Rico sites redirected in DNS attack – CNET News



Testing and Reporting Tools

DNS Vulnerability Testing Tool
Courtesy of DNS Operations, Analysis, and Research Center (DNS-OARC)

Infoblox Tool Center
Cricket Liu's DNS Advisor Pro LE


DNS Best Practices Resources

A collection of DNS-related resources developed by Cricket Liu, Infoblox VP of architecture and author of O’Reilly’s DNS and BIND.


bloxTV™: Cricket Liu on DNSSEC

Cricket talks about DNSSEC: what it is, how it originated, and why it has become increasingly important. View the 3-part series.


ISACA Webinar: Important DNS Security Updates

ISACA webinar - DNS Security: New Threats, Immediate Responses, Long Term Outlook
Presented by Cricket Liu and Dan Kaminsky

The presenters discuss the role of DNS in modern networks, the current DNS exploit, and additional DNS threats and ways to mitigate them. They also present a checklist and tools that can be used to audit DNS infrastructures. This is great background research for DNSSEC.