Archives for: July 2008, 10

07/10/08

  10:08:00 pm, by The Dreamer   , 274 words  
Categories: Software, Networking, Other Linux

US-CERT: Multiple DNS implementations vulnerable to cache poisoning

Link: http://www.kb.cert.org/vuls/id/800113

This has been a hot topic lately....which I first became aware of when an urgent ticket was assigned to me on Tuesday to upgrade all the campus DNS servers to a 'safe' version of bind.

During the winter break I had updated the campus caching DNS servers to 9.4.2, but the primary/secondary DNS servers were left running 9.3.4.

The 'safe' versions were 9.3.5-P1, 9.4.2-P1 or 9.5.0-P1.

The main campus caching servers had been running 9.2.3...so they were more pressing to upgrade to 9.4.2. During the break, the data center caching DNS server died...which created a good time to build the latest 9.4.2 version and later I upgraded (and make consistent) all the caching servers to this version.

In response to the urgent ticket, I got all the caching servers to 9.4.2-P1. And, this afternoon I got the primary and secondary DNS servers upgraded to match. I also discovered that the secondary DNS server had inadvertently been acting as a caching server to the whole world. After I turned it off, there were lots of log messages of comcast addresses being denied cache queries....and it was for a variety of well known sites, including youtube, paypal, google. At first it was Michigan comcast, but later I saw numerous other states, such as FL, GA, CO....

Meanwhile...I had started looking at getting the new bind package onto my Linux servers. These servers are well past EOL. So, I knew I was on my own to get things work.

Anyways....I was able to get bind-9.4.2-P1 to build and eventually run on both my RedHat 7.3 server and my SuSE 9.3 server. :wave:

Guess I need to update my ubuntu (8.04 server) from its desktop....

Now instead of subjecting some poor random forum to a long rambling thought, I will try to consolidate those things into this blog where they can be more easily ignored profess to be collected thoughts from my mind.

Latest Poopli Updaters -- http://lkc.me/poop

bloglovin

There are 20 years 1 month 8 days 3 hours 3 minutes and 54 seconds until the end of time.
And, it has been 4 years 11 months 20 days 10 hours 59 minutes and 2 seconds since The Doctor saved us all from the end of the World!

Search

July 2008
Mon Tue Wed Thu Fri Sat Sun
 << < Current> >>
  1 2 3 4 5 6
7 8 9 10 11 12 13
14 15 16 17 18 19 20
21 22 23 24 25 26 27
28 29 30 31      
Google

Linkblog

  XML Feeds

Who's Online?

  • Guest Users: 6
This seal is issued to lawrencechen.net by StopTheHacker Inc.
Multiple blogs solution

hosted by
Green Web Hosting! This site hosted by DreamHost.

monitored by
Monitored by eXternalTest
SiteUptime Web Site Monitoring Service
website uptime