[linux-sec-uk] djbdns / dns

James Fidell linux-sec-uk at mailman.lug.org.uk
Wed Aug 20 13:05:00 2003


Quoting James Davis (jamesd@jml.net):
> With the recent discusion of qmail/sendmail/... and an article on DNS
> posted to slashdot I'd be interested in experiences with djbdns,
> especially in comparison (security wise) with other DNS servers.
> 
> Has anyone suffered a serious threat to the security of their DNS setup?

Whilst not exactly a "security" problem, this is certainly a DoS...

I have a client who uses djbdns very heavily (on FreeBSD).  Under
certain circumstances (that I've not yet been able to reproduce) it
appears to eat all the filedescriptors it can and tnen wedge hard to the
point where only restarting the daemon will restore service.  Fortunately
we've never got to the point where all nameservers are affected at the
same time and can do the restart(s) once the monitoring system raises
the alarm without everything breaking.

James