Caching bugs exposed in second biggest DNS server

"For years, cryptographer Daniel J. Bernstein has touted his djbdns
as so secure he promised a $1,000 bounty to anyone who can poke holes
in the domain name resolution software.

Now it could be time to pay up, as researchers said they've
uncovered several vulnerabilities in the package that could lead end
users to fraudulent addresses under the control of attackers.

djbdns is believed to be the second most popular
DNS program, behind Bind. The bugs show that even the most secure DNS
packages are susceptible to attacks that could visit chaos on those who
use them.

One of the bugs, disclosed last week
by researcher Kevin Day, exploits a known vulnerability in the DNS
system that allows attackers to poison domain name system caches by
flooding a server with multiple requests for the same address."

Read more: http://www.theregister.co.uk/2009/02/28/djbdns_cache_poisoning_vulns/