July 22, 2008
In the last weeks, all major DNS vendors and distributions upgraded their DNS servers, but I was not getting an update for the DNS server which I use: MaraDNS.
So I took a look around and found the following blog post by the MaraDNS guys: MaraDNS is immune to the new cache poisoning attack. It basically explains that, because of DJB (whose DNS server I used before it was removed from Ubuntu Hardy), they have used query ID and source port randomization since the first public release. Good that I always search for a secure implementation of a service I need. Why are so many people still using BIND that much? It can’t be that every setup needs features which only BIND provides. It must be laziness, or they don’t care about security.
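
A quick way to check the property the MaraDNS post relies on, as an added example (not code from this post or from MaraDNS): classify the source ports and query IDs seen in a resolver's outbound queries as fixed, sequential or varied. The function names, the 80% counter threshold and the sample captures are assumptions made for the illustration.

```python
from collections import Counter

def classify(values, modulus=65536):
    """Label one 16-bit field's observed sequence: fixed, sequential or varied."""
    if len(values) < 3:
        raise ValueError("need at least 3 observed queries")
    if len(set(values)) == 1:
        return "fixed"
    deltas = [(b - a) % modulus for a, b in zip(values, values[1:])]
    # Assumed heuristic: one step size covering >= 80% of deltas is a counter.
    _, hits = Counter(deltas).most_common(1)[0]
    return "sequential" if hits >= 0.8 * len(deltas) else "varied"

def assess(samples):
    """samples: (source_port, query_id) pairs from a resolver's outbound queries."""
    port = classify([p for p, _ in samples])
    txid = classify([t for _, t in samples])
    # Upper bound on the bits an off-path spoofer has to guess per forged reply:
    # 16 for an unpredictable query ID plus up to 16 for an unpredictable port.
    max_bits = 16 * (txid == "varied") + 16 * (port == "varied")
    verdict = "ok" if max_bits == 32 else "weak"
    return {"port": port, "txid": txid, "max_bits": max_bits, "verdict": verdict}

# Constructed sample captures (not real traffic).
TXIDS = [0x1A2B, 0x9F03, 0x4471, 0xE0C8, 0x0B5D, 0x7733]
FIXED_PORT = [(32768, t) for t in TXIDS]
RANDOMIZED = list(zip([49213, 18342, 60107, 2719, 33580, 51966], TXIDS))
SEQUENTIAL = [(1024 + i, 100 + i) for i in range(6)]

if __name__ == "__main__":
    for name, capture in [("fixed port", FIXED_PORT),
                          ("randomized", RANDOMIZED),
                          ("sequential", SEQUENTIAL)]:
        print(name, assess(capture))
```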