Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Multiple DNS implementations vulnerable to cache poisoning

Guys , just checking on IronPort they do have DNS cache did they patch these and what release addressing the patch :

http://www.kb.cert.org/vuls/id/800113

2 REPLIES

Re: Multiple DNS implementations vulnerable to cache poisoning

Check this:
https://www.ironportnation.com/forums/viewtopic.php?t=948

New Member

Re: Multiple DNS implementations vulnerable to cache poisoning

As the advisory says, IronPort is not vulnerable to this problem.

However if you are using an upstream DNS server (rather than using the "root servers") and that upstream server (or it's upstream, etc) is vulnerable to this problem then it's still possible for your IronPort receive invalid data.

So please, if you're using an upstream DNS server please check with your ISP or whoever provides it to make sure that they are taking the relevant precautions to make sure they are not are vulnerable to this problem.

You can do a basic test to check if your upstream servers are vulnerable by running the following from your IronPort :
myironport> nslookup porttest.dns-oarc.net txt

TXT="63.251.57.82 is GOOD: 26 queries in 155.3 seconds from 26 ports with std dev 14911.47"
TTL=30m

If you get a POOR or FAIR then it means you've got a problem. If you get a GOOD it means that the last DNS server in the chain is OK, but any in the middle could still be vulnerable.

131
Views
0
Helpful
2
Replies