bind8.2 security issues

Danny Mayer mayer at gis.net
Mon Jul 1 16:41:13 UTC 2002 

At 10:48 AM 7/1/02, Steve Foster wrote:

>At 12:55 01/07/02 GMT, phn at icke-reklam.ipsec.nu wrote:
> >
> >I found a solaris-8/sparc package from steve at smc.vnet.net , i have a copy
> >on ftp://ftp.manet.nu/pub/bind/bind-9.2.1-sol8-sparc-local.gz ( yes
> >you _should_ build your own, but to get running asap installing a package
> >could be ok)
>
>Hi,
>
>i decided to build from scratch, and it seems to have gone okay. I have
>started named with a modified version of the named.conf i used to use for
>our 8.2.3 installations, certain things had to be removed for it to start,
>such as the following:
>
>named-xfer "/usr/local/sbin/named-xfer" ;

This is obsolete. The functionality is now integrated into BIND 9.

>         topology {
>                 localhost;
>                 localnets;
>                 { 154.32/16; };
>         };

This is not implemented in BIND 9.

>Are these not used anymore, and is there an equivalent of named-xfer, this
>is not something i need now, but will be when/if i build my secondary and
>primary servers???

You don't need anything else.


>the startup shows the following:
>
>Jul  1 15:41:30 testmonitor.europe.psi.com named[25973]: starting BIND
>9.2.1 -u nobody -c /usr/local/etc/named.conf
>Jul  1 15:41:30 hostname named[25973]: using 1 CPU
>Jul  1 15:41:30 hostname named[25973]: loading configuration from
>'/usr/local/etc/named.conf'
>Jul  1 15:41:30 hostname named[25973]: no IPv6 interfaces found
>Jul  1 15:41:30 hostname named[25973]: listening on IPv4 interface lo0,
>127.0.0.1#53
>Jul  1 15:41:30 hostname named[25973]: listening on IPv4 interface hme0,
>154.8.2.126#53
>Jul  1 15:41:30 hostname named[25973]: none:0: open:
>/usr/local/etc/rndc.key: file not found

Use rndc-confgen to generate an rndc.conf file and append the screen output to
the named.conf file.  This will allow you to control named.

>Jul  1 15:41:30 hostname named[25973]: couldn't add command channel
>127.0.0.1#953: file not found

See above.

>Jul  1 15:41:30 hostname named[25973]: no source of entropy found

You need a source of entropy. This is usually /dev/random on Unix platforms.
Check with your O/S vendor for details.

>Jul  1 15:41:30 hostname named[25973]: zones/named.127:1: no TTL specified;
>using SOA MINTTL instead
>Jul  1 15:41:30 hostname named[25973]: zone 127.in-addr.arpa/IN: loaded
>serial 1
>Jul  1 15:41:30 hostname named[25973]: zones/named.localhost:1: no TTL
>specified; using SOA MINTTL instead
>Jul  1 15:41:30 hostname named[25973]: zone localhost/IN: loaded serial 1
>Jul  1 15:41:30 hostname named[25973]: running
>
>Do i need to worry anout rndc.key, or is this for something else other than
>resolving, and is there any specific options for named.conf to fix the
>"couldn't add command channel 127.0.0.1#953: file not found" error.

See above.

Danny

More information about the bind-users mailing list