My colleague and guest blogger Lawrence Orans joins me today in giving his take on the DNS BIND vulnerability:
Another July, another DNS vulnerability. Last year, it was the Kaminsky vulnerability. Yesterday, the ISC announced another vulnerability in BIND. It’s serious — a specially-crafted dynamic update message can crash your BIND 9 name servers. According to the ISC, “an active remote exploit is in wide circulation at this time”. Fortunately, the ISC has released BIND versions which address the vulnerability. BIND users should upgrade immediately to one of the three BIND 9 versions specified in the ISC announcement.
I can count on one hand the number of Gartner clients that scheduled inquiries with us last year to discuss the Kaminsky vulnerability. At first, that surprised me. But, after thinking about it, I realized that clients weren’t calling because there really wasn’t anything to discuss. If you were running a vulnerable version of DNS, you had to apply the patch – it’s that simple. You don’t ask the dentist if you need to brush your teeth, and you don’t need to ask Gartner if you should patch the Kaminsky DNS vulnerability. I imagine that with this DNS vulnerability, Gartner will also see a similar lack of inquiries from our clients. Sure, two serious DNS vulnerabilities in two years will stimulate lots of discussion and debate about best practices for securing DNS, but the immediate priority is to get those BIND 9 name servers upgraded – there is no need to discuss that. So, go out there and brush (and floss) your teeth!
- Lawrence Orans is a research director in Gartner’s Research organization. His research focuses on the integration of security within internal networks, with a particular emphasis on network access control, VoIP and content filtering.

Greg Young

2 responses so far ↓
1 DNS Bind Vulnerability Requires Action | Hack In The Box July 29, 2009 at 5:20 pm
[...] the rest here: DNS Bind Vulnerability Requires Action Share and [...]
2 Followup Friday: Responsible Users? Patch Plethora Problems? In a BIND Bind? Safer Eensy Beensy URLs? July 31, 2009 at 8:47 am
[...] Update to “Security Issues of Top Level DNS Redirection”: Lots of positive movement on DNSSEC in recent weeks, including publicity for the open source DNSSEC project. But of course, this week there were also warnings about yet another vulnerability in the BIND DNS software. Lawrence Orans of Gartner blogged about this here. [...]