SCIENTIFIC-LINUX-USERS Archives

July 2008

SCIENTIFIC-LINUX-USERS@LISTSERV.FNAL.GOV

Subject:
From: Fernando Rannou <[log in to unmask]>
Reply To: Fernando Rannou <[log in to unmask]>
Date: Thu, 24 Jul 2008 09:58:24 -0400

Great. Thanks
Fernando

On Thu, 2008-07-24 at 08:50 -0500, Troy Dawson wrote:
> Perhaps you should read more closely
> 
> Fernando Rannou wrote:
> > I just read in the newspaper there is a "virus" running
> > around that affects DNS that operate with a cache or resolver server.
> > So we could all be vulnerable to cache poisoning or spoofing.
> > 
> > Take a look at
> > http://www.kb.cert.org/vuls/id/800113
> 
> If you look down at the affected vendors and look at RedHat, you will see it 
> points to
> http://www.kb.cert.org/vuls/id/MIMG-7ECLBD
> which points to
> https://rhn.redhat.com/errata/RHSA-2008-0533.html
> which shows that it has already been patched, and the patch pushed out.
> Do we have it pushed out in Scientific Linux?
> Sure, we have these pushed out and announced at
> http://listserv.fnal.gov/scripts/wa.exe?A2=ind0807&L=scientific-linux-errata&T=0&X=3417C00DB65A487ABD&Y=dawson%40fnal.gov&P=432
> http://listserv.fnal.gov/scripts/wa.exe?A2=ind0807&L=scientific-linux-errata&T=0&X=3417C00DB65A487ABD&Y=dawson%40fnal.gov&P=1067
> 
> Could you be infected?
> Only if you have turned off your autoupdates.
> 
> Troy
> 
> > http://www.isc.org/index.pl?/sw/bind/forgery-resilience.php
> > http://www.microsoft.com/technet/security/Bulletin
> > http://www.cisco.com/warp/public/707/cisco-sa-20080708-dns.shtml
> > http://news.oreilly.com/2008/07/dan-kaminsky-upgrade-your-dns.html
> > 
> > Fernando Rannou
> > 
> > On Thu, 2008-07-24 at 00:43 -0700, Keith Lofstrom wrote:
> >> On Wed, Jul 23, 2008 at 12:07:06AM -0700, Keith Lofstrom wrote:
> >>> There was a flurry of upgrades to BIND/named about a week ago.  Over
> >>> the last few days, I have noticed a few DNS failures (but that may
> >>> be coincidental).  I am learning to read debug output and developing
> >>> a better understanding of named.conf (set up by a consultant 5 years
> >>> ago) and so on, but meanwhile, is anyone else having problems?
> >>>
> >>> Try "dig ns1.hostica.com +trace" and see if it fails.
> >>>
> >>> Keith
> >> In my case, it turned out to be a couple of things.  The DNS UDP
> >> packets seem to be a bit longer now.  I am currently connected to
> >> Verizon FIOS through an Actiontec cable modem/router, which some
> >> websites say truncates UDP packets to 512 bytes, in accordance
> >> with RFC negative 666. :-)  That caused problems with hostica
> >> and others.   I changed /etc/named.conf to a policy of forward
> >> first, and used the Verizon nameservers as forwarders, taking out
> >> the lookup through the root nameservers.  Verizon does some goofy
> >> things with nonexistent URLs, but I can live with that for now.
> >>
> >> Keith
> >>
> >> --
> >> Keith Lofstrom          [log in to unmask]         Voice (503)-520-1993
> >> KLIC --- Keith Lofstrom Integrated Circuits --- "Your Ideas in Silicon"
> >> Design Contracting in Bipolar and CMOS - Analog, Digital, and Scan ICs
> >>
> -- 
> __________________________________________________
> Troy Dawson  [log in to unmask]  (630)840-6468
> Fermilab  ComputingDivision/LCSI/CSI DSS Group
> __________________________________________________
> 

