DNS and BIND Security Issues
Internet Software Consortium
Efforts are underway to add security to the DNS protocol. We have
observed that if BIND would just do what the DNS specifications say it
should do, stop crashing, and start checking its inputs, then most of
the existing security holes in DNS as practiced would go away. To be
sure, attackers would still have a pretty easy time co-opting DNS in
their break-in attempts. Our aim has been to get BIND to the point
where its only vulnerabilities are due to the DNS protocol, and not to
the implementation. This paper describes our progress to date.
Download the full text of this paper in
ASCII (45,431 bytes),
POSTSCRIPT (178,774 bytes),
and PDF (270,766 bytes) form.
To Become a USENIX Member, please see our