Vulnerability to cache poisoning -- the rest of the solution

Jeff Lightner jlightner at water.com
Sun Jul 13 12:01:57 UTC 2008


Peter, 

RedHat has issued patched versions of BIND (including the bind-chroot)
RPMs.

Information from RedHat for the update to bind is at:  
http://rhn.redhat.com/errata/RHSA-2008-0533.html

As noted by others you still have to take out the query port line from
named.conf and should still look at implementing DNSSEC long term.


-----Original Message-----
From: bind-users-bounce at isc.org [mailto:bind-users-bounce at isc.org] On
Behalf Of Peter Laws
Sent: Friday, July 11, 2008 6:22 PM
To: bind-users at isc.org
Subject: Re: Vulnerability to cache poisoning -- the rest of the
solution

James Pratt wrote:
> Actually, no - you have to ensure that a "query-source port 53;" line
> does not exist in your named.conf (I found this out via a posting
> earlier. No one else mentioned it before, or I have been missing
> emails!

Yeah, I actually read the docs (gasp!) and it does note that if it's not
specifically set, or if the port is set to '*', then it's random (for some
value of 'random').  I checked all mine, too, and it was never set.

Of course, I am working under the assumption that RedHat's version of BIND
is also random by default ... :-)

Thanks, all.

-- 
Peter Laws / N5UWY
National Weather Center / Network Operations Center
University of Oklahoma Information Technology
plaws at ou.edu
-----------------------------------------------------------------------
Feedback? Contact my director, Craig Cochell, craigc at ou.edu. Thank you!