Master to Slave Schedule to Avoid Poison Propagation
Barry Margolin
barmar at alum.mit.edu
Mon Aug 15 23:22:04 UTC 2005
In article <ddqk1j$1mko$1 at sf1.isc.org>,
Danny Mayer <comp-protocols-dns-bind at isc.org> wrote:
> Barry Margolin wrote:
> > In article <ddlp7t$tag$1 at sf1.isc.org>, Danny Mayer <mayer at gis.net>
> > wrote:
> >
> >> Brad Knowles wrote:
> >>
> >>> At 6:29 AM -0700 2005-08-12, Danimal wrote:
> >>>
> >>>> So for example if the master somehow became compromised we could remove
> >>>> it from the network before it infected the DNS records of the slave.
> >>
> >> I think you're confused. An authoritative nameserver's data cannot be
> >> compromised, at least not via cache poisoning since it will never accept
> >> records for zones for which it is authoritative.
> >
> > Who said anything about cache poisoning? I interpreted the OP to be
> > talking about someone breaking into the system, or perhaps using a BIND
> > exploit to insert new authoritative data (for instance, a bug in dynamic
> > update ACL checking).
>
> If they can break in then they have far worse problems than worrying
> about poisoning the slaves. Maybe we should let the OP clarify.
I thought he was pretty clear. He's worried about the master being
compromised in some fashion that allows the authoritative data to be
modified, and wants to have a larger window of safety before it gets
propagated to the slaves.
>
> > Using a hidden master doesn't prevent this, although it might make it
> > harder for the cracker to find the machine they need to compromise. But
> > if they break into one of the slaves, they can find out the master's
> > address from its named.conf.
>
> That's not even hard. See the SOA record.
If you're really trying to hide your master you wouldn't be so silly as
to put it in the SOA record!
--
Barry Margolin, barmar at alum.mit.edu
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***
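The last exchange above turns on whether a "hidden" master is advertised by the zone itself: the SOA MNAME field names a host, and if that host is the master rather than one of the public nameservers, the master is not hidden at all. The following is an added example, not code from this thread or from BIND: a small Python check that parses a dig-style answer section (constructed sample data below, with made-up hostnames) and reports whether the SOA MNAME is one of the zone's delegated NS names. It only covers what the zone data reveals; as the thread notes, a compromised secondary still exposes the master's address through its own named.conf.

```python
"""Check whether a zone's SOA MNAME advertises a host that is not one of
its public (delegated) nameservers.

Added example, not code from the bind-users thread. Input is text in the
standard presentation format that `dig +noall +answer` prints
(owner TTL class type rdata); the two zones below are constructed samples.
"""

# Constructed sample: MNAME points at a host that is not a public NS, so the
# "hidden" master is visible to anyone who queries the SOA.
LEAKING_ZONE = """\
example.com.  3600 IN SOA hidden-master.example.com. hostmaster.example.com. 2005081501 7200 900 1209600 3600
example.com.  3600 IN NS  ns1.example.com.
example.com.  3600 IN NS  ns2.example.net.
"""

# Constructed sample: MNAME names one of the public secondaries, so the
# zone data does not reveal a separate master.
CLEAN_ZONE = """\
example.org.  3600 IN SOA ns1.example.org. hostmaster.example.org. 2005081501 7200 900 1209600 3600
example.org.  3600 IN NS  ns1.example.org.
example.org.  3600 IN NS  ns2.example.org.
"""


def parse_records(text):
    """Parse presentation-format lines into (owner, rtype, rdata_fields) tuples."""
    records = []
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        if len(fields) < 5 or fields[2].upper() != "IN":
            raise ValueError(f"unexpected record line: {line!r}")
        owner, rtype, rdata = fields[0].lower(), fields[3].upper(), fields[4:]
        records.append((owner, rtype, rdata))
    return records


def normalize(name):
    """Lower-case a domain name and strip the trailing dot for comparison."""
    return name.lower().rstrip(".")


def soa_mname(records):
    """Return the MNAME (first rdata field) of the zone's SOA record."""
    for _, rtype, rdata in records:
        if rtype == "SOA":
            return normalize(rdata[0])
    raise ValueError("no SOA record found")


def ns_names(records):
    """Return the set of nameserver names listed in NS records."""
    return {normalize(rdata[0]) for _, rtype, rdata in records if rtype == "NS"}


def check_soa_mname(text):
    """Report the MNAME, the public NS set, and whether MNAME is among them."""
    records = parse_records(text)
    mname = soa_mname(records)
    public = ns_names(records)
    return {
        "mname": mname,
        "ns": sorted(public),
        "mname_is_public_ns": mname in public,
    }


if __name__ == "__main__":
    for label, zone in (("leaking", LEAKING_ZONE), ("clean", CLEAN_ZONE)):
        result = check_soa_mname(zone)
        verdict = "ok" if result["mname_is_public_ns"] else "MNAME not a public NS"
        print(f"{label}: MNAME={result['mname']} NS={result['ns']} -> {verdict}")
```

To run it against a live zone, feed `check_soa_mname()` the output of `dig +noall +answer ZONE SOA` concatenated with `dig +noall +answer ZONE NS`; a false `mname_is_public_ns` means the SOA names a host that the delegation does not, which is exactly the "silly" leak the reply above warns about.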