
US-CERT: Multiple DNS implementations vulnerable to cache poisoning


10:08:00 pm, by The Dreamer, 274 words
Categories: Software, Networking, Other Linux

Link: http://www.kb.cert.org/vuls/id/800113

This has been a hot topic lately....which I first became aware of when an urgent ticket was assigned to me on Tuesday to upgrade all the campus DNS servers to a 'safe' version of bind.

During the winter break I had updated the campus caching DNS servers to 9.4.2, but the primary/secondary DNS servers were left running 9.3.4.

The 'safe' versions were 9.3.5-P1, 9.4.2-P1 or 9.5.0-P1.

The main campus caching servers had been running 9.2.3...so they were more pressing to upgrade to 9.4.2. During the break, the data center caching DNS server died...which created a good time to build the latest 9.4.2 version and later I upgraded (and made consistent) all the caching servers to this version.

In response to the urgent ticket, I got all the caching servers to 9.4.2-P1. And, this afternoon I got the primary and secondary DNS servers upgraded to match. I also discovered that the secondary DNS server had inadvertently been acting as a caching server to the whole world. After I turned it off, there were lots of log messages of Comcast addresses being denied cache queries....and it was for a variety of well-known sites, including YouTube, PayPal, Google. At first it was Michigan Comcast, but later I saw numerous other states, such as FL, GA, CO....

Meanwhile...I had started looking at getting the new bind package onto my Linux servers. These servers are well past EOL. So, I knew I was on my own to get things to work.

Anyways....I was able to get bind-9.4.2-P1 to build and eventually run on both my RedHat 7.3 server and my SuSE 9.3 server. :wave:

Guess I need to update my Ubuntu (8.04 server) from its desktop....
