If you run a BIND or BIND dervied Nameserver - have you upgraded?

[ryanz]

We received this notice from a reputable source today, does anyone know of it and are the suggestions correct?

Quote...
Some code will be published soon that will allow "bad People" to
potentially easily inject bad data into Nameservers that run as Cache
servers. *The fix is to randomise the port that queries are made
from/to - which should make attackes more difficult...we would suggest anyone running BIND to look at upgrading their DNS
Services ASAP. *This will probably include most Linux and Window
installations.
./Quote

 

[atomicturtle]

The nature of the vulnerability is a weakness in the basic design of the overall implementation of DNS internet wide. The fixes released by the vendors just make this harder to exploit, it does not by any means resolve the problem. The primary issue is with dns cache poisoning, a method of hijacking DNS requests to go to an alternate destination. The root of the issue is that the attack would occur on DNS servers resolving records for your domain(s), so you don't even have a way to respond to it.