[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

juicy, security related tidbits from a BIND-8.1 log file

To: namedroppers@internic.net
Subject: juicy, security related tidbits from a BIND-8.1 log file
From: Paul A Vixie <paul@VIX.COM>
Date: Wed, 21 May 1997 09:54:33 -0700

There's a DNS dynamic update tool running around out there, that doesn't use
the new UPDATE opcode but rather depends on some stupid behaviour of older
versions of BIND.  Newer versions of BIND respond as follows:

May 20 17:52:56 gw named[14994]: invalid RR type 'PTR' in authority section
	(name = '155.8.206.207.in-addr.arpa') from [206.105.188.2].53
May 20 17:52:56 gw named[14994]: unrelated additional info 'jamie.rules'
	type A from [206.105.188.2].53
May 20 17:52:57 gw named[14994]: invalid RR type 'PTR' in authority section
	(name = '155.8.206.207.in-addr.arpa') from [206.105.188.2].53
May 20 17:52:57 gw named[14994]: unrelated additional info 'jamie.rules'
	type A from [206.105.188.2].53

You will pretty much want to upgrade to BIND 8.1 or 4.9.5-P1 right about now.
(Note that BIND 8.1.1 is now in private beta testing, as is 4.9.5-P2, but the
above behaviour is in 8.1 and 4.9.5-P1.)

http://www.isc.org/isc/ is your path to salvation, or glory, or whatever.

If CERT is going to make a recommendation here, I'd like it to be for the
versions we're about to release, since there are even more, though more subtle,
security bugs fixed in the latest patches (now being tested by bind-workers.)

Prev by Date: Re: Root Nameserver Changes
Next by Date: implementation interoperability testing
Prev by thread: implementation interoperability testing
Next by thread: Last Call: Classless IN-ADDR.ARPA delegation to BCP
Index(es):
- Date
- Thread