Security Advisory: Server Lockup Upon IXFR or DDNS Update Combined with High Query Rate
Dennis Clarke
dclarke at blastwave.org
Wed Feb 23 05:08:46 UTC 2011
> Hi Dennis,
>
> Thank you for getting 9.7.3 out on Solaris, that is a huge help in
> getting this important update out there.
I have been running 9.7.3 for a few days now on all my production DNS
servers ( a bunch ) and a few in client sites in Europe. All seems to be
running very well and the upgrade was silky smooth. A measure of awesome
software to be true.
# uname -a
SunOS callistoz 5.10 Generic_144488-04 sun4u sparc SUNW,Sun-Fire-480R
# /opt/csw/sbin/rndc -s 127.0.0.1 -k /etc/opt/csw/rndc.key status
version: 9.7.3
CPUs found: 4
worker threads: 4
number of zones: 44
debug level: 1
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
recursive clients: 0/0/1000
tcp clients: 0/100
server is up and running
$ pkginfo -l CSWbind
PKGINST: CSWbind
NAME: bind - ISC BIND 9.7.3 DNS main package
CATEGORY: application
ARCH: sparc
VERSION: 9.7.3,REV=2011.02.19
BASEDIR: /opt/csw
VENDOR: http://www.isc.org/software/bind packaged by Blastwave.org Inc.
DESC: CSWbind - ISC BIND 9.7.3 DNS main package
PSTAMP: mimas20110219031415
INSTDATE: Feb 19 2011 16:57
HOTLINE: http://www.blastwave.org/
EMAIL: support at blastwave.org
STATUS: completely installed
FILES: 361 installed pathnames
9 shared pathnames
23 linked files
17 directories
34 executables
28684 blocks used (approx)
This has been tested all the way back to Solaris 8 on i386 and sparc so it
looks very solid.
The 9.7.3 packages are released a few minutes ago to the primary site at
download.blastwave.org and it will be in the various US universities and
then the other 50 or so mirrors within six hours. More or less.
> I do not know the answer to your question about the NIST CVE listings,
> but I will inquire. Our CVE numbers actually come to us from
> Carnegie-Mellon CERT, not NIST, but NIST does keep an up to date list
> generally.
>
> I'll also post here if/when I find out more.
thank you and stay in touch !
--
Dennis Clarke
dclarke at opensolaris.ca <- Email related to the open source Solaris
dclarke at blastwave.org <- Email related to open source for Solaris
More information about the bind-users
mailing list