Massive, coordinated DNS patch released


ronjor
July 8th, 2008, 05:07 PM
{QUOTE-> On Tuesday, a security researcher responsibly disclosed a fundamental flaw within the Domain Name System (DNS), the addressing scheme behind the common names used on the Internet.

Dan Kaminsky, director of penetration testing services for IO Active, found the flaw earlier this year. Rather than sell the vulnerability, as some researchers have done, Kaminsky decided instead to gather the affected parties and discuss it with them first. Without disclosing any technical details, he said, "the severity is shown by the number of people who've gotten onboard with this patch."

He declined to name the flaw because it would give away details. <-QUOTE}More (http://news.cnet.com/8301-10789_3-9985618-57.html?).....

ronjor
July 8th, 2008, 08:12 PM
Researcher offers insight into DNS flaw
{QUOTE-> At Tuesday's press conference, Kaminsky refused to provide details about the flaw, preferring to give additional vendors and administrators affected at least 30 days to create or implement the patches.

But within the conference call, during the question-and-answer session, some details and clarifications emerged. <-QUOTE}More (http://news.cnet.com/8301-10789_3-9985815-57.html?)

axial
July 9th, 2008, 06:04 PM
On the NetworkWorld article about the issue there's a link to Kaminsky's page with a DNS checker. Would both links be appropriate to post here?

ronjor
July 9th, 2008, 06:09 PM
That will be okay.

axial
July 9th, 2008, 06:11 PM
NetworkWorld article http://www.networkworld.com/news/2008/070808-dns-flaw-disrupts-internet.html?t51hb

Kaminsky's DNS checker: http://www.doxpara.com/

Thanks, Ron.

tlu
July 31st, 2008, 12:26 PM
{QUOTE->
Kaminsky's DNS checker: http://www.doxpara.com/

<-QUOTE}

Another one (that doesn't require JavaScript) is https://www.dns-oarc.net/oarc/services/dnsentropy

Rasheed187
August 3rd, 2008, 10:09 AM
You know what I don't understand? Why did it need to be patched on client PCs? I'm talking about the fix that screwed up ZoneAlarm. I mean you would think that only the DNS servers needed patching, can anyone explain?

huangker
August 3rd, 2008, 03:08 PM
The problem is in the DNS server not client so it is not related to ZA on your system.

Huupi
August 4th, 2008, 03:37 AM
From what I have read about the flaw, OpenDNS is not affected, good reason to install it. http://www.opendns.com/

tlu
August 4th, 2008, 05:33 AM
{QUOTE-> The problem is in the DNS server not client so it is not related to ZA on your system. <-QUOTE}
That's not quite correct - see, e.g., the example here (http://www.securiteam.com/securityreviews/5QP022KO1E.html) or here (http://lwn.net/Articles/289138/). As a matter of fact the client libraries of Windows and all Linux and BSD distributions have been patched in the meantime - but NOT Apple (http://blog.ncircle.com/blogs/sync/archives/2008/08/apple_dns_patch_fails_to_rando.html)! Their client libraries still aren't patched, i.e., they haven't implemented randomization of the query ID and the source port yet.
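Added example, not part of the thread and not the code behind either checker linked above: a sketch of how a defender could judge, from a series of outgoing DNS queries, whether the source port and the query ID are being randomized. The function names, the `MIN_BITS` cut-off and the sample values are assumptions made for this illustration.

```python
import math
import statistics
from collections import Counter

MIN_BITS = 10  # assumed cut-off for this example, not a published threshold

def classify(values, space_bits=16):
    """Classify 16-bit values (source ports or query IDs) from consecutive queries."""
    if len(values) < 2:
        raise ValueError("need at least two observations")
    if len(set(values)) == 1:
        return "fixed", 0.0
    # Most common step between consecutive values, modulo the field size.
    deltas = [(b - a) % (1 << space_bits) for a, b in zip(values, values[1:])]
    _, top_count = Counter(deltas).most_common(1)[0]
    if top_count >= 0.8 * len(deltas):
        return "predictable-step", 0.0
    # A uniform spread over a range R has standard deviation R / sqrt(12).
    est_range = statistics.pstdev(values) * math.sqrt(12)
    bits = min(float(space_bits), math.log2(max(est_range, 1.0)))
    return ("randomized" if bits >= MIN_BITS else "narrow"), round(bits, 1)

def assess(observations):
    """observations: list of (source_port, query_id) tuples in arrival order."""
    port = classify([p for p, _ in observations])
    qid = classify([q for _, q in observations])
    return {"port": port, "query_id": qid,
            "ok": port[0] == "randomized" and qid[0] == "randomized"}

# Constructed sample values, not captured traffic.
SPREAD = [50321, 1187, 33902, 61004, 20477, 8890,
          44123, 57310, 15066, 29754, 39981, 4242]
NARROW = [1030, 1077, 1049, 1025, 1061, 1083, 1040, 1068, 1033, 1055]
# Ports increment by one per query; only the query ID varies.
WEAK = [(32768 + n, qid) for n, qid in enumerate(SPREAD)]
# Both fields vary across the full 16-bit space.
STRONG = list(zip(reversed(SPREAD), SPREAD))

if __name__ == "__main__":
    for name, sample in (("weak", WEAK), ("strong", STRONG)):
        print(name, assess(sample))
```

A sample only counts as `ok` when both fields look randomized, which matches the two properties named in the post above.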