LISTSERV - SCIENTIFIC-LINUX-USERS Archives

SCIENTIFIC-LINUX-USERS Archives

July 2008

SCIENTIFIC-LINUX-USERS@LISTSERV.FNAL.GOV

	LISTSERV Archives
	SCIENTIFIC-LINUX-USERS Home
	SCIENTIFIC-LINUX-USERS July 2008

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	Re: DNS changes?
From:	Fernando Rannou <[log in to unmask]>
Reply To:	Fernando Rannou <[log in to unmask]>
Date:	Thu, 24 Jul 2008 09:37:59 -0400
Content-Type:	text/plain
Parts/Attachments:	text/plain (51 lines)

I just read in the newspaper there is a "virus" running
around that affects DNS that operate with a cache or resolver server. 
So we could all be vulnerable to cache poisoning or spoofing.

Take a look at
http://www.kb.cert.org/vuls/id/800113
http://www.isc.org/index.pl?/sw/bind/forgery-resilience.php
http://www.microsoft.com/technet/security/Bulletin
http://www.cisco.com/warp/public/707/cisco-sa-20080708-dns.shtml
http://news.oreilly.com/2008/07/dan-kaminsky-upgrade-your-dns.html

Fernando Rannou

On Thu, 2008-07-24 at 00:43 -0700, Keith Lofstrom wrote:
> On Wed, Jul 23, 2008 at 12:07:06AM -0700, Keith Lofstrom wrote:
> > 
> > There was a flurry of upgrades to BIND/named about a week ago.  Over
> > the last few days, I have noticed a few DNS failures (but that may
> > be coincidental).  I am learning to read debug output and developing
> > a better understanding of named.conf (set up by a consultant 5 years
> > ago) and so on, but meanwhile, is anyone else having problems?
> > 
> > Try "dig ns1.hostica.com +trace" and see if it fails.
> > 
> > Keith
> 
> In my case, it turned out to me a couple of things.  The DNS UDP
> packets seem to be a bit longer now.  I am currently connected to
> Verizon FIOS through an Actiontec cable modem/router, which some
> websites say truncates UDP packets to 512 bytes, in accordance
> with RFC negative 666. :-)  That caused problems with hostica
> and others.   I changed /etc/named.conf to a policy of forward
> first, and used the Verizon nameservers as forwarders, taking out
> the lookup through the root nameservers.  Verizon does some goofy
> things with nonexistent URLs, but I can live with that for now.
> 
> Keith
> 
> -- 
> Keith Lofstrom          [log in to unmask]         Voice (503)-520-1993
> KLIC --- Keith Lofstrom Integrated Circuits --- "Your Ideas in Silicon"
> Design Contracting in Bipolar and CMOS - Analog, Digital, and Scan ICs
> 


-- 
Este mensaje ha sido analizado por MailScanner
en busca de virus y otros contenidos peligrosos,
y se considera que est� limpio.
MailScanner agradece a transtec Computers por su apoyo.

ATOM RSS1 RSS2

LISTSERV.FNAL.GOV