How secure is rndc?
Mark Andrews
Mark_Andrews at isc.org
Thu Dec 21 22:10:40 UTC 2006
RNDC requires a shared key. RNDC is not subject to replay
attacks provided both the server and client are BIND 9.2.3
or later. Most rndc commands are benign if they are executed
multiple times (rndc stop being the obvious exception).
RNDC used cryptographic hashs, timestamps (hmac-md5 similar
to TSIG) and nonces (9.2.3 onwards) to protect the transaction.
The transaction itself is in the clear.
Mark
1480. [bug] Provide replay protection for rndc commands. Full
replay protection requires both rndc and named to
be updated. Partial replay protection (limited
exposure after restart) is provided if just named
is updated.
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews at isc.org
More information about the bind-users
mailing list