BIND 9.5.0 Unpatched - Passes DNS-OARC and Doxpara Tests

Jeff Lightner jlightner at water.com
Tue Jul 15 12:57:42 UTC 2008


You can use tcpdump to see which ports are actually being used.

Of course now I need to go verify the random ports I saw were actually
more than 16...

-----Original Message-----
From: bind-users-bounce at isc.org [mailto:bind-users-bounce at isc.org] On
Behalf Of Gross, Jason D
Sent: Monday, July 14, 2008 6:06 PM
To: bind-users at isc.org
Subject: RE: BIND 9.5.0 Unpatched - Passes DNS-OARC and Doxpara Tests

So...a false sense of security it is.

Thanks for the quick responses.

---------------------------------------------------------------------
Jason Gross
Network & Communications Services
Platform Engineering & Operations Services
Information Management
United Space Alliance

grossjd at usa-spaceops.com
V: (321) 799-6601  F: (321) 799-5970


-----Original Message-----
From: Jeremy C. Reed [mailto:Jeremy_Reed at isc.org] 
Sent: Monday, July 14, 2008 5:56 PM
To: Gross, Jason D
Cc: bind-users at isc.org
Subject: Re: BIND 9.5.0 Unpatched - Passes DNS-OARC and Doxpara Tests

On Mon, 14 Jul 2008, Gross, Jason D wrote:

> This might fit in the "too dumb to ask" bucket, but if my BIND servers
> are already passing the DNS-OARC and Doxpara checks, does that mean 
> that my servers don't need to be patched as urgently as a server that 
> doesn't pass or are my servers as vulnerable as any other unpatched 
> server? I do intend to patch, I'm just curious if I'm relatively safe 
> or if I'm just getting a false sense of security.
> 
> My feeling is that it's probably a false sense of security.

See the 9.5.0 ARM: "If port is * or is omitted, a pool of random
unprivileged ports will be used." By default there are eight random
ports which are recreated every 15 minutes. So that was good enough to
trick those tests.

Note that the queryport options will be obsoleted in 9.5.1, which uses a
random source port for every query.
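An added example (not from this thread or from ISC) of the check Jeff Lightner describes and Jeremy Reed's explanation implies: rather than trusting an external test that sees only a handful of queries, capture the resolver's own outbound queries with tcpdump and count how many distinct UDP source ports it actually uses. The script below parses tcpdump's default IPv4 line format, keeps only packets from the resolver to a remote port 53, and reports the size of the port pool and its entropy in bits. The resolver address 192.0.2.10, the capture lines, and the "more than 16 ports" threshold are constructed assumptions for illustration; a BIND 9.5.0 with the default eight-port pool produces a result like the sample.

```python
import math
import re
from collections import Counter

# tcpdump's default IPv4 line: "HH:MM:SS.ffffff IP src.sport > dst.dport: ..."
TCPDUMP_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+) IP (?P<src>[\d.]+)\.(?P<sport>\d+) > "
    r"(?P<dst>[\d.]+)\.(?P<dport>\d+): (?P<rest>.*)$"
)

# Constructed sample capture: 12 outbound queries cycling through an
# eight-port pool (the 9.5.0 default), one inbound answer, one non-DNS line.
_POOL = [41523, 50817, 33001, 60222, 45678, 39011, 52999, 48100]
SAMPLE_CAPTURE = [
    f"12:57:{42 + i // 10:02d}.{100000 + i * 1000:06d} IP 192.0.2.10.{_POOL[i % 8]} > "
    f"198.51.100.53.53: {1000 + i}+ A? host{i}.example.com. (31)"
    for i in range(12)
] + [
    "12:57:42.100500 IP 198.51.100.53.53 > 192.0.2.10.41523: 1000 1/0/0 A 203.0.113.7 (47)",
    "12:57:43.000100 IP 192.0.2.10.22 > 203.0.113.9.51000: Flags [P.], seq 1:37, length 36",
]


def parse_query_source_ports(lines, resolver_ip):
    """Return the UDP source ports of outbound queries: packets whose
    source is resolver_ip and whose destination port is 53. Answers
    (remote port 53 as the source) and non-DNS traffic are ignored."""
    ports = []
    for line in lines:
        m = TCPDUMP_RE.match(line.strip())
        if not m:
            continue
        if m.group("src") != resolver_ip or m.group("dport") != "53":
            continue
        ports.append(int(m.group("sport")))
    return ports


def assess_port_pool(ports, small_pool_max=16):
    """Summarise how much source-port entropy the capture shows.
    small_pool_max is an assumed threshold: a pool no larger than this
    adds only a few bits on top of the 16-bit transaction ID, which is
    far short of the ~16 bits the full unprivileged range (1024-65535)
    could provide."""
    counts = Counter(ports)
    distinct = len(counts)
    bits = math.log2(distinct) if distinct else 0.0
    if distinct <= 1:
        verdict = "fixed port"
    elif distinct <= small_pool_max:
        verdict = "small pool"
    else:
        verdict = "randomized"
    return {
        "queries": len(ports),
        "distinct_ports": distinct,
        "entropy_bits": round(bits, 2),
        "verdict": verdict,
    }


def analyze_capture(lines, resolver_ip):
    """Parse a tcpdump text capture and assess the resolver's port pool."""
    return assess_port_pool(parse_query_source_ports(lines, resolver_ip))


if __name__ == "__main__":
    # Real use: tcpdump -n -l 'udp dst port 53' | python3 this_script.py
    print(analyze_capture(SAMPLE_CAPTURE, "192.0.2.10"))
```

On the constructed capture the verdict is "small pool": eight distinct ports out of twelve queries, about 3 bits of port entropy. Two caveats when running this against a live server: the count can never exceed the number of queries captured, so a short capture under-reports a genuinely randomized server, and because 9.5.0 regenerates its pool every 15 minutes, a capture spanning that boundary will show a second set of eight ports without the per-query randomness that 9.5.1 provides. Compare distinct ports to the query count over a window well inside 15 minutes.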

