Subject: Update on DNS spoofing hole.
Newsgroups: gmane.network.dns.dnsmasq.general
Date: 2008-07-15 18:54:47 GMT (50 weeks, 3 days, 6 hours and 23 minutes ago)
Dnsmasq users: There has been some confusion about the exact nature of the newly-discovered DNS hole, and if dnsmasq is affected. I just talked to Dan Kaminsky and can confirm that dnsmasq is potentially vulnerable. All users should therefore upgrade. Ensure that the --query-port option (which will disable query-port randomisation) is _not_ used except on tightly-controlled networks. Also note that version 2.43, which was rushed out to fix this hole, has a crash bug in unrelated DHCP code. This is only triggered in rare circumstances. Distribution authors may like to wait for version 2.44, due next week, which fixes this problem. Cheers, Simon.