Great.Thanks
Fernando
On Thu, 2008-07-24 at 08:50 -0500, Troy Dawson wrote:
> Perhaps you should read more closely
>
> Fernando Rannou wrote:
> > I just read in the newspaper there is a "virus" running
> > around that affects DNS that operate with a cache or resolver server.
> > So we could all be vulnerable to cache poisoning or spoofing.
> >
> > Take a look at
> > http://www.kb.cert.org/vuls/id/800113
>
> If you look down at the affected vendors and look at RedHat, you will see it
> points to
> http://www.kb.cert.org/vuls/id/MIMG-7ECLBD
> which points to
> https://rhn.redhat.com/errata/RHSA-2008-0533.html
> which shows that is has already been patched, and the patch pushed out.
> Do we have it pushed out in Scientific Linux?
> Sure, we have these pushed out and announced at
> http://listserv.fnal.gov/scripts/wa.exe?A2=ind0807&L=scientific-linux-errata&T=0&X=3417C00DB65A487ABD&Y=dawson%40fnal.gov&P=432
> http://listserv.fnal.gov/scripts/wa.exe?A2=ind0807&L=scientific-linux-errata&T=0&X=3417C00DB65A487ABD&Y=dawson%40fnal.gov&P=1067
>
> Could you be infected?
> Only if you have turned off your autoupdates.
>
> Troy
>
> > http://www.isc.org/index.pl?/sw/bind/forgery-resilience.php
> > http://www.microsoft.com/technet/security/Bulletin
> > http://www.cisco.com/warp/public/707/cisco-sa-20080708-dns.shtml
> > http://news.oreilly.com/2008/07/dan-kaminsky-upgrade-your-dns.html
> >
> > Fernando Rannou
> >
> > On Thu, 2008-07-24 at 00:43 -0700, Keith Lofstrom wrote:
> >> On Wed, Jul 23, 2008 at 12:07:06AM -0700, Keith Lofstrom wrote:
> >>> There was a flurry of upgrades to BIND/named about a week ago. Over
> >>> the last few days, I have noticed a few DNS failures (but that may
> >>> be coincidental). I am learning to read debug output and developing
> >>> a better understanding of named.conf (set up by a consultant 5 years
> >>> ago) and so on, but meanwhile, is anyone else having problems?
> >>>
> >>> Try "dig ns1.hostica.com +trace" and see if it fails.
> >>>
> >>> Keith
> >> In my case, it turned out to me a couple of things. The DNS UDP
> >> packets seem to be a bit longer now. I am currently connected to
> >> Verizon FIOS through an Actiontec cable modem/router, which some
> >> websites say truncates UDP packets to 512 bytes, in accordance
> >> with RFC negative 666. :-) That caused problems with hostica
> >> and others. I changed /etc/named.conf to a policy of forward
> >> first, and used the Verizon nameservers as forwarders, taking out
> >> the lookup through the root nameservers. Verizon does some goofy
> >> things with nonexistent URLs, but I can live with that for now.
> >>
> >> Keith
> >>
> >> --
> >> Keith Lofstrom [log in to unmask] Voice (503)-520-1993
> >> KLIC --- Keith Lofstrom Integrated Circuits --- "Your Ideas in Silicon"
> >> Design Contracting in Bipolar and CMOS - Analog, Digital, and Scan ICs
> >>
> --
> __________________________________________________
> Troy Dawson [log in to unmask] (630)840-6468
> Fermilab ComputingDivision/LCSI/CSI DSS Group
> __________________________________________________
>
--
Este mensaje ha sido analizado por MailScanner
en busca de virus y otros contenidos peligrosos,
y se considera que está limpio.
MailScanner agradece a transtec Computers por su apoyo.
|