UtterlyBoring.com is produced by Jake Ortman (e-mail, resume), a 30-year-old dad, percussionist, freelance Web designer, consultant and jack-of-all-trades computer geek, living in Bend, Oregon. He created this so that his expensive journalism and technology degree isn't getting totally wasted. In addition to editing this site in his free time, he is the IT Director and Ad Designer at both Sunray and Discover Sunriver. He has LinkedIn, MySpace, Facebook profiles if you're trying to stalk him.
Yet Another Reason To Use OpenDNS -- Patch Your DNS Servers Now
There's a really ugly DNS security issue that affects pretty much every recursive resolver out there, and you need to make sure you've patched everything you can. Nobody outside the researchers and vendors has been told exactly what the problem is yet, but it lets an attacker poison a resolver's cache, and considering that the domain name system is the Internet's backbone, if it gets broken, that's a bad thing.
Thankfully, OpenDNS isn't susceptible to the attack, so you can use it safely (and encourage your ISP to patch its DNS servers, too, or at least forward all DNS requests to somebody like OpenDNS until it can patch its BIND installation). One caveat if you go the forwarding route: a caching resolver that forwards but still sends every query from one fixed source port can itself be poisoned by forged replies that pretend to come from the upstream server, so forwarding only helps on the upstream side. The patch, which randomizes the source port of outgoing queries, is the real fix, and a fixed query-source port in named.conf or a NAT box that rewrites every outbound query to a single port undoes that randomization even on a patched server. I've used OpenDNS for quite a while and have set it up at the office, and it's worked great.
Bend Cable is still vulnerable... The Frank and Bob team are falling behind. It's time for them to buy new $600,000 DNS servers from Sun and hire consultants for 6 weeks to make them work. I suspect Bend Cable customers will have secure, non-poisoned DNS some time in the winter.
Jake said on 07/24/08 @ 12:08 PM: That tool also says that my DNS servers -- which have the latest BIND patches -- are vulnerable (at least it did a few days ago when I tried it). I'll have to look into it a bit more to see what's going on.
Frank said on 07/28/08 @ 01:28 PM: Source port and transaction ID randomness is a stopgap.
Hoping for DNSSEC. Review RFC 3833 for entertainment :}.
Jake, the test here appears to do the right thing ...
Nameless One said on 09/10/08 @ 05:47 PM: If the web or DNS-based tool shows you are clearly vulnerable, then you are. It's accurate. By the way, I'm hoping for a number of arcane standards to become widely used on the internet. But guess what, nobody cares what I want. And nobody cares about DNSSEC or we would have started using it years and years ago. There are much simpler ways to avoid this vulnerability; the stopgap provided by port randomization won't work when we all have gigabit internet links, but there are better randomization techniques, such as adding a large random string to the query. But that requires coordination and thus won't actually happen. (Not nearly as much coordination as DNSSEC, though.)