Warrior Tang @ 2008-07-08 17:40:00
Current music: Remilegend - Perpetual Nocturne
MS08-037 / KB951748 broke my DNS
My DNS stopped working after installing the DNS client/server update that Microsoft is pushing out today. Wireshark shows PTRs but no A queries going out. This says the update only resizes the socket pool, which I can't see causing a problem, and the list of known problems does not include DNS simply timing out.
The problem might be related to Zone Alarm. Actually, after some additional googling, I'm convinced that the problem is related to Zone Alarm. The update changed some core Windows networking files and this probably confused Zone Alarm somehow. I've found no specifics and no solution, but let's give the Zone Labs people a few days to investigate it. Lowering your security level is supposed to get around the issue, but it's probably safer to uninstall the update.
Update: There's something bigger going on. Slashdot reports that all DNS server vendors are issuing patches for a common vulnerability. Comments suggest that server responses might be predictable enough to spoof through man-in-the-middle attacks, though this description says name servers can be compromised through the flaw. Both could be right; if server responses can be spoofed, the information that the servers get from the root and authoritative servers can also be spoofed. A few links from the comments include a PDF describing DNS attack methods and DJB's note on the need for randomizing UDP ports and DNS query IDs.
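As an added illustration of the two points above (the Wireshark observation of PTR queries with no A queries, and DJB's note that both the UDP source port and the query ID need to be randomized), here is a small Python checker, not part of the original post or of any Microsoft or Zone Labs tooling. It parses a constructed, simplified text export of outgoing DNS queries (the line format is invented here, not Wireshark's), counts query types, and measures how much variation a resolver actually shows in its source ports and transaction IDs. Both sample logs are generated inline: one mimics a resolver that reuses a single socket with sequential IDs, the other a resolver that draws ports from a large pool with random IDs.

```python
import math
import random
import re
from collections import Counter

# Constructed log format (assumption, not Wireshark's own output):
# "<src ip>:<src port> -> <dst ip>:53 txid=0x<hex> <QTYPE> <name>"
LINE_RE = re.compile(
    r"^(?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):53 "
    r"txid=0x(?P<txid>[0-9a-fA-F]{4}) (?P<qtype>[A-Z]+) (?P<name>\S+)$"
)


def parse_query_log(lines):
    """Return one dict per well-formed outgoing query line; skip anything else."""
    queries = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            queries.append({
                "sport": int(m["sport"]),
                "txid": int(m["txid"], 16),
                "qtype": m["qtype"],
                "name": m["name"],
            })
    return queries


def make_fixed_port_log(n=200):
    """Constructed sample: one reused UDP socket (constant port), sequential txids, PTR only."""
    return [
        f"192.0.2.10:1031 -> 192.0.2.1:53 txid=0x{0x1000 + i:04x} PTR {i}.2.0.192.in-addr.arpa"
        for i in range(n)
    ]


def make_random_port_log(n=200, seed=2008):
    """Constructed sample: port drawn from the ephemeral range and a random txid per query."""
    rng = random.Random(seed)  # fixed seed so the sample is reproducible
    return [
        f"192.0.2.10:{rng.randrange(49152, 65536)} -> 192.0.2.1:53 "
        f"txid=0x{rng.randrange(65536):04x} A host{i}.example.com"
        for i in range(n)
    ]


def shannon_entropy_bits(values):
    """Empirical entropy of the observed values. Note the ceiling: with n samples
    this can never exceed log2(n), so a short capture understates true randomness."""
    counts = Counter(values)
    n = len(values)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def assess(queries):
    """Summarize query types and port/txid variation; flag obviously weak behaviour."""
    ports = [q["sport"] for q in queries]
    txids = [q["txid"] for q in queries]
    sequential_txid = len(txids) > 1 and all(b - a == 1 for a, b in zip(txids, txids[1:]))
    distinct_ports = len(set(ports))
    # "weak" = a fixed (or near-fixed) source port or a predictable txid sequence;
    # either one collapses the guess space an off-path spoofer would have to cover.
    verdict = "weak" if (distinct_ports <= 2 or sequential_txid) else "ok"
    return {
        "queries": len(queries),
        "qtype_counts": dict(Counter(q["qtype"] for q in queries)),
        "distinct_ports": distinct_ports,
        "port_entropy_bits": round(shannon_entropy_bits(ports), 2) if ports else 0.0,
        "txid_entropy_bits": round(shannon_entropy_bits(txids), 2) if txids else 0.0,
        "sequential_txid": sequential_txid,
        "verdict": verdict,
    }


if __name__ == "__main__":
    for label, log in (("fixed port", make_fixed_port_log()), ("random port", make_random_port_log())):
        print(label, assess(parse_query_log(log)))
```

The `qtype_counts` field is the quick way to confirm the symptom described above (only PTR traffic, no A queries) from a capture, while `distinct_ports` and the entropy figures show whether a resolver's source-port randomization is actually in effect after the update; a capture of a few hundred queries that still shows one port is the thing to worry about.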