Last week a DNS researcher proposed a way to limit DNS cache poisoning attacks by adding a single character to the popular BIND name server software.
Robert Lemos of SecurityFocus reports: "By changing a '<' to '<=' in a trust check in the Berkeley Internet Name Domain (BIND) server software, the patch would prevent a previously unknown server from poisoning the cache, unless the time to live (TTL) — a limit on the age of a name server entry — had expired. The suggestion, made by computer scientist Gabriel Somlo, would make exploitation of name server caches more difficult. However, the "one-character patch" also has some serious side effects, Dan Kaminsky..."
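As an added illustration (not BIND's code and not Somlo's actual patch), the toy resolver cache below models the overwrite rule that the one-character change alters: with the original '<' check, an unsolicited record of equal trust replaces a live entry, while with '<=' it is held off until the entry's TTL expires, and more credible data still overwrites in both modes. The names, addresses and trust scale are constructed for the demonstration.

```python
from dataclasses import dataclass


@dataclass
class CacheEntry:
    ip: str
    trust: int       # credibility rank; higher wins (assumed scale, not BIND's)
    expires: float   # absolute time at which the record's TTL runs out


class Cache:
    """Toy resolver cache; only the overwrite rule is modelled."""

    def __init__(self, patched: bool):
        # patched=False: original check, a record is refused only if its
        # trust is strictly lower ('<') than the cached one.
        # patched=True : proposed check, refused if lower or equal ('<=').
        self.patched = patched
        self.entries = {}

    def offer(self, name: str, ip: str, trust: int, ttl: int, now: float) -> bool:
        """Try to install a record; return True if the cache accepted it."""
        cur = self.entries.get(name)
        if cur is not None and now < cur.expires:          # live entry present
            refused = trust <= cur.trust if self.patched else trust < cur.trust
            if refused:
                return False
        self.entries[name] = CacheEntry(ip, trust, now + ttl)
        return True

    def lookup(self, name: str, now: float):
        cur = self.entries.get(name)
        return None if cur is None or now >= cur.expires else cur.ip


def simulate(patched: bool) -> dict:
    """Constructed scenario: a legitimate answer is cached, then an
    unsolicited record of equal trust is offered inside and after the TTL."""
    name, good, bogus = "www.example.test", "192.0.2.10", "198.51.100.99"
    c, t0 = Cache(patched), 1000.0
    c.offer(name, good, trust=5, ttl=300, now=t0)
    during = c.offer(name, bogus, trust=5, ttl=300, now=t0 + 60)   # within TTL
    ip_during = c.lookup(name, t0 + 61)
    higher = c.offer(name, good, trust=6, ttl=300, now=t0 + 62)   # more credible data
    after = c.offer(name, bogus, trust=5, ttl=300, now=t0 + 400)  # everything expired
    return {"during": during, "ip_during": ip_during, "higher": higher, "after": after}


if __name__ == "__main__":
    for mode in (False, True):
        print("patched" if mode else "original", simulate(mode))
```

The same rule that blocks the equal-trust forgery also blocks any legitimate equal-trust update until expiry, which is the trade-off a resolver operator has to weigh.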
Read full story: SecurityFocus