TXT record problem (Timed out)

yasinti yasintiku at yahoo.co.id
Fri Aug 25 11:18:50 UTC 2006


Hi,
  Maybe I'll upgrade bind next time.
  But I'm just wondering, because it's OK when I query the TXT record from my internal network, so I think this version of bind has no problem with TXT records.
  Maybe it's my firewall problem, but port 53 TCP and UDP have been opened, and I thought those were enough. Could you tell me whether another port should be opened?
  Thanks a lot and regards,
   
  ----- Original Message -----
  From: "Mark Andrews" <Mark_Andrews at isc.org>
  To: "Barry Margolin" <barmar at alum.mit.edu>
  Cc: <comp-protocols-dns-bind at isc.org>
  Sent: Friday, August 25, 2006 6:50 AM
  Subject: Re: TXT record problem (Timed out) 
  

> 
>> In article <eckdv1$li2$1 at sf1.isc.org>,
>>  Mark Andrews <Mark_Andrews at isc.org> wrote:
>> 
>> > > Hi,
>> > >   my dns server is behind a firewall, and TCP and UDP port 53 have been
>> > >   opened. Is there another port that should be opened?
>> > >   After running dig version.bind chaos txt or named -v, I got BIND 9.1.3.
>> > >   Thanks and regards,
>> > 
>> > No one should be running BIND 9.1.3 anymore.  Upgrade.
>> 
>> While that may be good advice, what's the chance that this is even 
>> remotely related to his problem?
> 
> I doubt it has anything, as the version.bind/txt/ch query
> failed and that has always worked which indicates that it
> is not named.  This has already been pointed out by others
> and indicates a firewall problem.
> 
> What had not been pointed out is that there are lots of
> major bugs including security bugs in what he is running.
> 
> e.g.
> http://www.cert.org/advisories/CA-2002-15.html
> 
> I suspect the whole OS needs to be upgraded.  I don't know
> of any OS that shipped w/ BIND 9.1.3 that doesn't have other
> security flaws.
> 
> Named is one of a few applications that is always exposed
> to external threats.  You can often get away with not
> upgrading on an internal threat.  You can rarely get away
> with not upgrading on an external threat.  This machine is
> exposed to external threats.
> 
>> I wish in my tech support job I could get away with ignoring questions 
>> of customers who aren't running a recent release.
> 
> BIND 9.1 has been out of support for 4 years.  This is free
> support and asking someone to compile a recent version
> before getting free support is a reasonable request.  It
> also gets rid of a multitude of potential problems.
> 
> Anyone running a multi-threaded version of named shouldn't
> be running anything less than BIND 9.2.4 as all versions
> prior to that have a major race condition.  This means most
> Linux boxes shouldn't be running anything prior to BIND 9.2.4.
> 
> Mark
> 
>> -- 
>> Barry Margolin, barmar at alum.mit.edu
>> Arlington, MA
>> *** PLEASE post questions in newsgroups, not directly to me ***
>> *** PLEASE don't copy me on replies, I'll read them in the group ***
> --
> ISC Training!  October 16-20, 2006, in the San Francisco Bay Area,
> covering topics from DNS to DHCP.  Email training at isc.org.
> -- 
> Mark Andrews, ISC
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews at isc.org

