The recent DNS vulnerability and the impact on Sonic.net.

Earlier this week US-CERT announced a very serious DNS Cache Poisoning vulnerability which affects a large number of DNS servers across the Internet.

Thankfully we here at Sonic.net run PowerDNS on our Authoritative and Recursive servers which has been hardened against this type of attack for years (official PowerDNS statement on the vulnerability).

The vulnerability would allow an attacker to inject incorrect answers into the recursive server, which would then send clients to a potentially malicious web site or redirect email, or any other network traffic; all of which would be un-detected by the user or the host running the name server.

It is highly recommended that you update your DNS name server software; all major vendors will have patches and updates available; of course if you were running PowerDNS, then you wouldn’t need to do any patching. 🙂