> >>> On 8/9/2007 at 10:07 PM, Mark Andrews <[EMAIL PROTECTED]> wrote: > > > In article <[EMAIL PROTECTED]> you write: > >> > >> I suspect that the origin of the myth that DNS/TCP is more > >> dangerous than DNS/UDP is that the first root expliot of > >> named was over TCP not UDP. There were later exploits that > >> were UDP only which totally busted the myth but it continues > >> to live. > >> > >> Mark > > > > Just to make it clear. This was BIND 4/8 code and the bugs > > were addressed in the last millennia. > > > > To date there are no known root exploits for BIND 9. > > Because who runs BIND as root anymore?
Lots of people. It's the only way you can handle some events. Mark -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: [EMAIL PROTECTED]