Bryght Hosting -- DNS Flaw Resolution

Narayan Newton
created on Thu, 2008-07-31 15:45

Recently a flaw was found in the DNS protocol. After a short delay while distributors prepared workarounds, it was published as CVE-2008-1447. The flaw allows an attacker to spoof a DNS response and possibly send a user to an unknown, likely unwanted, site in place of your own.

To be absolutely clear, there are currently no known exploits of this flaw in the wild. The flaw was discovered by security researchers and has so far been described only loosely, so much so that it would be exceptionally difficult to reverse engineer the flaw from the description.

Patches have been released by most major vendors, including TinyDNS and BIND. These fixes focus on source port randomization, which adds a further random component (the query's UDP source port, alongside the transaction ID) that a forged response must match, and makes it almost impossible to spoof the response traffic (the entire point of this flaw). Red Hat Linux has packaged this BIND patch, and CentOS has rebuilt and tested it for its 4.6 and 5.x distributions.
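As an added example (not part of the original post), here is a small check a resolver operator could run after applying such a patch: it flags a named.conf that pins the query source port (which would defeat the randomization) and measures how much the source ports of captured outgoing queries actually vary. The `query-source ... port N` syntax is BIND's own; the capture lines are constructed tcpdump-style samples, not real traffic.

```python
"""Check whether a BIND resolver randomizes source ports on outgoing queries.
Two inputs are examined: the named.conf text (a pinned 'query-source ... port N'
defeats the patch) and a tcpdump-style capture of outgoing UDP queries."""
import math
import re
from collections import Counter

# BIND option that pins every query to one source port, e.g. "query-source address * port 53;"
PINNED_PORT_RE = re.compile(r"query-source(?:-v6)?\s[^;]*?\bport\s+(\d+)\s*;")
# tcpdump line for an outgoing UDP query: "... IP <src>.<sport> > <dst>.53: <txid>+ A? name."
QUERY_RE = re.compile(r"IP \S+\.(\d+) > \S+\.53: (\d+)\+")

def pinned_query_port(named_conf):
    """Return the fixed source port configured in named.conf, or None if none is pinned."""
    m = PINNED_PORT_RE.search(named_conf)
    return int(m.group(1)) if m else None

def source_ports(capture_lines):
    """Extract the UDP source port of each outgoing query found in the capture."""
    return [int(m.group(1)) for m in map(QUERY_RE.search, capture_lines) if m]

def entropy_bits(values):
    """Shannon entropy of the observed port distribution, in bits (0.0 = always the same)."""
    n = len(values)
    return -sum(c / n * math.log2(c / n) for c in Counter(values).values()) if n else 0.0

def assess(named_conf, capture_lines, min_distinct=8):
    """Combine both checks: 'randomized' is True only when nothing pins the port
    and the observed source ports actually vary across queries."""
    ports = source_ports(capture_lines)
    distinct = len(set(ports))
    return {
        "pinned_port": pinned_query_port(named_conf),
        "queries": len(ports),
        "distinct_ports": distinct,
        "entropy_bits": round(entropy_bits(ports), 2),
        "randomized": pinned_query_port(named_conf) is None and distinct >= min_distinct,
    }

# Constructed samples (not real traffic): a pinned config with a capture where every
# query leaves from port 53, and a patched setup whose source port varies per query.
WEAK_CONF = "options { query-source address * port 53; };"
FIXED_CONF = "options { recursion yes; };"
PINNED_CAPTURE = [f"15:45:{i:02d}.000000 IP 192.0.2.53.53 > 198.51.100.1.53: {1000 + i}+ A? host{i}.example. (30)"
                  for i in range(10)]
RANDOM_CAPTURE = [f"15:46:{i:02d}.000000 IP 192.0.2.53.{p} > 198.51.100.1.53: {2000 + i}+ A? host{i}.example. (30)"
                  for i, p in enumerate([40132, 51877, 12045, 60211, 33910, 47702, 18455, 55329, 9821, 42677])]

if __name__ == "__main__":
    print(assess(WEAK_CONF, PINNED_CAPTURE))   # pinned port 53, 1 distinct port, not randomized
    print(assess(FIXED_CONF, RANDOM_CAPTURE))  # no pinned port, 10 distinct ports, randomized
```

A capture of your own resolver's outgoing queries can be fed in directly, since only the source port and the `txid+` marker are parsed.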

Bryght/Raincity Studios has applied this patch to its authoritative and caching name servers, following the industry-wide push to patch this hole in the DNS protocol.

A word of warning to those considering patching their own installations: if you have Red Hat's caching BIND server installed (but configured as an authoritative server), there is a chance that this update will overwrite your configuration and return it to the standard caching-only configuration. Bryght was not affected by this, but we know of people who were and feel their pain.

Please feel free to contact us with any questions or comments via the Bryght Support HQ.
