Slashdot Mirror


Another DNS Flaw Found, Patched

darthcamaro writes "Remember the big DNS flaw that Dan Kaminsky 'discovered' last year? Well, it looks like another flaw in DNS has just been patched. This time it's an item that affects DNSSEC, which was supposed to be the savior for the Kaminsky flaw. The good news, though, is that this time, the issue is relatively minor and DNS has already been patched. 'The flaw is specific to certain usages of DNSSEC,' Joao Damas, senior programming manager of the ISC told InternetNews. 'It is strongly advised that all BIND DNSSEC deployments update in case they are using the particular pattern affected (DSA keys in some cases) and to prevent coming across the problem in the future unexpectedly.'"

4 of 66 comments

  1. subject by cstdenis · · Score: 4, Funny

    This is bad for all those who use DNSSEC. Both of them must be annoyed at the need to their software.

    --
    1984 was not supposed to be an instruction manual.
  2. Yeah, um... by Ethanol · · Score: 5, Informative

    That's not a "DNS flaw".

    It's an OpenSSL bug that turned out to affect BIND.

    1. Re:Yeah, um... by Florian Weimer · · Score: 4, Informative

      It's an OpenSSL bug that turned out to affect BIND.

      No, it's a misuse of an OpenSSL API from within BIND, so the error is on BIND's side. It's of extremely low impact, though.

  3. DNS Flaw? by HairyCanary · · Score: 5, Insightful

    "DNS Flaw"? Can we shoot for a bit more accuracy here on Slashdot, since we're all technical enough to understand the details? It's a flaw that affects BIND. And BIND != DNS. I shouldn't have to point that out...