Side Channel

  • home
  • resources
Home › Blogs › angch's blog

User login

What is OpenID?
  • Log in using OpenID
  • Cancel OpenID login
  • Create new account
  • Request new password

Navigation

  • Books
  • Feed aggregator

Recent blog posts

  • Ubuntu mirrors up and improved!
  • Google-jstemplate: Iterate object with unknown properties
  • nginx https proxypass for php apps
  • sugarcrm & memcache: Doing it Wrong
  • subversion and https in Ubuntu Karmic
  • Drupal: Views block delta converted to md5 hash
  • Ubuntu Server install requires PAE
  • Installing Drupal from command line
  • Drupal: Handling form field weight through CCK
  • minify javascript using Google Closure Compiler
more

angch's location

angch twitter

  • angch: Heading to Brunei. Business class for a change.
  • angch: tc qdisc htb activated on the mirror, and mirror reactivated. Hope nothing melts now.
  • angch: Hmmm, tbf doesn't work as advertised. htb does. #qos #linux
  • angch: @yoonkit me thinks #lucid is a much better tag than #lynx
  • angch: Great, you broke the dc's net and they disconnected us. Running to tpm from shah alam
more

Patch your nameservers!

angch's picture

angch — Thu, 24/07/2008 - 23:18

This bears repeating:

Just patched a number of our nameservers. ( http://www.doxpara.com/ ). Be careful that it's not your content nameservers that matters here, but your own resolver and upstream's nameservers that matters. Check with the tool in www.doxpara.com. Ingenius way to check for vulnerablity, btw.

If you don't trust your upstream's dns, run your own patched nameserver, but don't forward queries upstream, but straight to the root servers.

P.S. Use opendns or our own patched dns: 202.190.85.116 (temporary while upstream patches their's. I'll remove this in a bit)

  • dns
  • security
  • sysadmin
  • angch's blog
  • Add new comment


Creative Commons License

  • home
  • resources

Standard Disclaimer.