One of the companies most at risk from the notorious DNS cache poisoning vulnerability (announced in early July by IOActive researcher Dan Kaminsky) has overhauled security in the latest release of its DNS server software. It looks like a major code rethink, according to Techworld.
The report says Nominum, which supplies a chunk of the global market for such servers, has just finished rolling out a major security upgrade to its server platform, the Vantio caching DNS server, and has introduced a range of new security 'layers' beyond the basic Source Port Randomisation (UDP SPR) fix suggested at the time the flaw was.
They include a fix to stop potential abuse of Network Address Translation (NAT) in front of an otherwise patched DNS server. The story says the fix has arrived 'in the nick of time'.