[Pdns-announce] Statement on the recent DNS vulnerability & impact on PowerDNS (none)

bert hubert bert.hubert at netherlabs.nl
Wed Jul 9 18:16:19 UTC 2008


Hi everybody,

We're being approached from various angles about PowerDNS and the recently
discovered DNS vulnerability (http://www.kb.cert.org/vuls/id/800113 )

To clear up any possible confusion, I'd like to state that since 2006,
PowerDNS has not been vulnerable for the issue reported in CVE-2008-1447, to
the extent that this is possible.

In fact, we've been warning the DNS community against these kinds of
problems since around that time - see
http://tools.ietf.org/html/draft-ietf-dnsext-forgery-resilience-05

If you have any further questions, please do not hesitate to contact me,
on-list or off.

Kind regards,

Bert Hubert
PowerDNS.COM BV

-- 
http://www.PowerDNS.com      Open source, database driven DNS Software 
http://netherlabs.nl              Open and Closed source services


More information about the Pdns-announce mailing list