Multiple DNS implementations vulnerable to cache poisoning

Discussion in 'General' started by popowich, Aug 13, 2008.

  1. popowich

    popowich EQ Forum Admin Staff Member

    Hello,

    Are you aware of the recent security updates needed for the bind package?

    Are your DNS resolvers up to date? More information can be found here.

    The upgrades themselves are easy enough, but I had some slight trouble with a few servers at work due to the firewall requirements needed for allowing the new ports needed.

    -Raymond
     


  2. yukon

    yukon Valued Member

    Very interesting . . . Yes, I was aware of it. Contrary to my and the other engineer's preference we don't run our own DNS here, in fact we manage well over 100 servers (consisting of RH, w2k3, and Solaris) via host files. It's been a thorn in my side since I started here last Feb, and it's on my "if we ever get up with projects, stuff I'd like to do list."

    That's interesting about the FW, I had no idea any new ports were required . . . I'll have to look into it in greater detail, thanks for the heads up.
     

  3. popowich

    popowich EQ Forum Admin Staff Member

    The firewalling that was in place in many markets could not be configured to correctly allow the more secure random source ports config. I had been using a static source port. Unfortunately the devices providing the firewalling were not firewall devices. Once I got the problem servers upgraded and put up some server side firewalls that could do the firewalling correctly I was all set. For me not all of my servers are physically where I am so it's a little bit of a pain in the butt to do OS upgrades and such.

    -Raymond
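
The static source port mentioned in the post above is the setting worth auditing for on BIND resolvers. The following is an added example, not part of the original thread: a small Python check that flags `query-source` / `query-source-v6` statements in a `named.conf` that pin a fixed port. The sample configuration is constructed for illustration, and the function names are hypothetical.

```python
import re

# Constructed sample named.conf fragment (not taken from the thread).
SAMPLE_NAMED_CONF = """
options {
    directory "/var/named";
    // pinned so the old packet filter could match replies
    query-source address * port 53;
    query-source-v6 address * port *;
    # query-source port 5353;
    /* query-source address 192.0.2.1
       port 1053; */
    listen-on port 53 { any; };
};
"""

# named.conf accepts C-style, C++-style and shell-style comments.
_COMMENTS = re.compile(r"/\*.*?\*/|//[^\n]*|#[^\n]*", re.S)
# A query-source statement runs up to its terminating semicolon.
_STATEMENT = re.compile(r"\b(query-source(?:-v6)?)\b([^;{}]*);")
# "port *" lets the resolver pick the port; a number pins it.
_PORT = re.compile(r"\bport\s+(\*|\d+)")


def strip_comments(text):
    """Drop comments so disabled directives are not reported."""
    return _COMMENTS.sub(" ", text)


def fixed_source_ports(conf_text):
    """Return (statement, port) for each query-source that pins a port."""
    findings = []
    for stmt in _STATEMENT.finditer(strip_comments(conf_text)):
        port = _PORT.search(stmt.group(2))
        if port and port.group(1) != "*":
            findings.append((stmt.group(1), int(port.group(1))))
    return findings


if __name__ == "__main__":
    for name, port in fixed_source_ports(SAMPLE_NAMED_CONF):
        print(f"{name} pins outgoing queries to port {port}")
```

An empty result means no active statement fixes the outgoing query port; the comment stripping is deliberately simple and does not account for comment markers inside quoted strings.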
     