All your DNS are belong to us

Many news sites relayed this information today, the BBC being one of them. The issue seems to be related to a lack of randomness in source ports: if a query is sent to a recursive DNS server, the UDP source port actually used remains the same from one query to the next. A much more technical explanation can be found here.

Long story short, not only has it affected the whole industry, but it has made many bodies realize that something might be slightly borked on the ‘ternet.

If you feel like playing, there is a nice script you can use to test your servers. I am actually off patching some more.
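As an added illustration (not the script mentioned above, and not part of the original post), the sketch below rates a resolver's source-port behaviour from the ports its queries arrive from at an authoritative server you control. The function name, the sample port lists and the 3000 standard-deviation threshold are assumptions made for this example.

```python
import math
import statistics

def assess_source_ports(ports, min_stdev=3000.0):
    """Rate a resolver's UDP source-port behaviour from observed query ports.

    ports: source ports in arrival order, as logged at an authoritative
    server you control. min_stdev is an illustrative threshold (assumption).
    """
    if len(ports) < 3:
        raise ValueError("need at least three observed queries")
    distinct = len(set(ports))
    stdev = statistics.pstdev(ports)
    # Step between consecutive ports, modulo the 16-bit port space.
    deltas = {(b - a) % 65536 for a, b in zip(ports, ports[1:])}
    if distinct == 1:
        verdict = "FIXED"          # the behaviour the post describes
    elif len(deltas) == 1:
        verdict = "SEQUENTIAL"     # changes, but trivially predictable
    elif stdev < min_stdev:
        verdict = "NARROW"         # varies inside a small window
    else:
        verdict = "RANDOMIZED"
    # Rough upper bound on what an off-path spoofer has to guess:
    # the 16-bit query ID plus log2 of the observed port spread.
    if verdict in ("FIXED", "SEQUENTIAL"):
        port_bits = 0.0
    else:
        port_bits = math.log2(max(ports) - min(ports) + 1)
    return {"verdict": verdict, "distinct": distinct,
            "stdev": round(stdev, 1), "guess_bits": round(16 + port_bits, 2)}

# Constructed sample observations (not real measurements).
SAMPLES = {
    "unpatched": [32768] * 8,
    "counter": list(range(40000, 40008)),
    "small-pool": [1030, 1025, 1041, 1028, 1050, 1033, 1026, 1047],
    "patched": [51234, 1893, 33721, 60412, 12007, 45590, 27318, 8841],
}

if __name__ == "__main__":
    for name, ports in SAMPLES.items():
        print(name, assess_source_ports(ports))
```

A resolver that comes back as FIXED or SEQUENTIAL leaves only the 16-bit query ID between a spoofed answer and the cache, which is why patching is the priority.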