I've been getting people sending me announcements and asking me if our servers are secure or at risk! The bottom line is we've known about the security issues of running both authoritative and caching servers on the same server using Bind for years! We separated ours in July of 2004 for both speed and security.

This exploit was announced by CERT on July 8th 2008

Today, July 23, 2008, I tested several large Internet Service Providers (ISP) and web hosting providers and have discovered many are still failing! To my shock my personal ATT DSL account at home using DNS IP 66.219.156.2 at 18:48:29 pm failed too.... So it goes, yet again to demonstrate that the multi-gazzilon dollar telecom networks are NOT always better than a mall ISP who "has it together"!

 It's issues like this that also determine the quality of the ISP you are doing business with. It can effect both consumer surfing and also merchants domains from being spoofed! DNS is the root core of any network and the quality, speed, aging, the network technical contacts and DNS server IPs are also all things that Google measures when determining the quality of the content they index.If you technical contact is managing a gazzillon web sites or the DNS IP is associated with spam operations, well, it just makes it easier for a small company like config to do better for their clients... Well, enough of my rambling, lets get back to the current DNS security exploit topic!