Zen Internet Support Forum

Everybody should be aware that Dan Kaminsky has found an exploit for the known problem of insufficient randomisation in DNS queries.

Right now Zen's servers (which recurse on behalf of most Zen customers) fail the Doxpara test.

Is there a specific schedule for when Zen will be applying the relevant patches and making this problem go away for its users?

What is Zen doing to support adoption of DNSSEC (which is probably the only permanent fix for such problems) in .UK and in the root?

We are part way thro' upgrading to the fixed version of BIND. We upgraded half the customer facing caches yesterday and the other half will be done today.

As to DNSSEC, it's something we will be looking into in due course.

---

--
Jerry Nicholls
Principal Systems Engineer
perl -e '$_=q(print "perl -e \x27\$_=q($_);eval\x27\n");eval'

Jerry Nicholls:

We are part way thro' upgrading to the fixed version of BIND. We upgraded half the customer facing caches yesterday and the other half will be done today.

 Ah yes, I see the test checks out OK now. Thanks for the prompt answer.

Is there any news of the status of Zen's DNS servers. Does no news mean they are not patched and that users are vulnerable?

---

Come on Boro