bind DNS poisoning attack problems

bind DNS poisoning attack problems

11 July 2008

More…

There’s a DNS vulnerability checker (right hand side of page) at DoxPara Research

Note that your DNS server is probably not yours. If you were running a nameserver, you would probably know it. If the nameserver is not yours, it’s probably your ISP’s and you should poke them to plug the hole if they haven’t done it already.

So is there any updates coming for OpenSuse 10.1 or has support ended already? I didn’t see it on the list.

Thanks,

Tony

Try running YaST on 10.1, you will see some updates for bind.

I’ve some problems with yast right now… It uses too much memory.

I just hoped there would be rpm’s laying around somewhere.

On Tue, 22 Jul 2008 13:26:03 GMT
tonyfggi <tonyfggi@no-mx.forums.opensuse.org> wrote:

>
> ken_yap;1841698 Wrote:
> > Try running YaST on 10.1, you will see some updates for bind.
>
> I’ve some problems with yast right now… It uses too much memory.
>
> I just hoped there would be rpm’s laying around somewhere.
>
>
Hi
Nothing here?
http://en.opensuse.org/Package_Repositories#Update

Try running yast CLI version?


Cheers Malcolm °¿° (Linux Counter #276890)
SLED 10 SP2 i586 Kernel 2.6.16.60-0.25-default
up 5:38, 2 users, load average: 0.42, 0.81, 0.79
GPU GeForce Go 6600 TE/6200 TE Version: 173.14.09

I don’t even have gui installed so i’m already using cli-version. Also i’ve already checked that link and 10.1 doesn’t have updates regarding this DNS issue.

I’ll keep on looking, but meantime use opendns

But that update RPM must have come from somewhere so I would look at the update repositories for recent packages. Also have you tried the ncurses yast? That’s what I used, as I was using ssh.

On Wed, 23 Jul 2008 11:56:03 GMT
tonyfggi <tonyfggi@no-mx.forums.opensuse.org> wrote:

>
> I don’t even have gui installed so i’m already using cli-version. Also
> i’ve already checked that link and 10.1 doesn’t have updates regarding
> this DNS issue.
>
>
Hi
Have you tried a later release 10.2/10.3 and getting the src rpm and
building it?
rpmbuild --rebuild <name_of_source_rpm>


Cheers Malcolm °¿° (Linux Counter #276890)
SLED 10 SP2 i586 Kernel 2.6.16.60-0.25-default
up 0:52, 1 user, load average: 0.16, 0.55, 0.59
GPU GeForce Go 6600 TE/6200 TE Version: 173.14.09

I have the packages for 10.0 and 10.1 compiled so if someone needs them, I can DCC em over in IRC ( irc.freenode.net / #suse )

I found out that i’m using BIND version 9.3.2, under chroot.

There’s source rpms for 10.2 but not for chrootenv-version :frowning:

On Wed, 23 Jul 2008 14:06:04 GMT
tonyfggi <tonyfggi@no-mx.forums.opensuse.org> wrote:

>
> I found out that i’m using BIND version 9.3.2, under chroot.
>
> There’s source rpms for 10.2 but not for chrootenv-version :frowning:
>
>
Hi
SLE is based on 10.1, so you should be able to use those;
http://download.opensuse.org/repositories/server:/dns/SLE_10/


Cheers Malcolm °¿° (Linux Counter #276890)
SLED 10 SP2 i586 Kernel 2.6.16.60-0.25-default
up 2:58, 2 users, load average: 0.70, 0.50, 0.32
GPU GeForce Go 6600 TE/6200 TE Version: 173.14.09

Thanks malconlewis for suggestion!

I ended up upgrading bunch of bind packages but everything went smooth.

Thanks everybody.


222614 Jul 23 17:31 bind-9.3.5P1-0.1.i586.rpm
24208 Jul 23 17:31 bind-chrootenv-9.3.5P1-0.1.i586.rpm
2903795 Jul 23 17:31 bind-debuginfo-9.3.5P1-0.1.i586.rpm
3131075 Jul 23 17:31 bind-devel-9.3.5P1-0.1.i586.rpm
1575248 Jul 23 17:31 bind-doc-9.3.5P1-0.1.i586.rpm
924560 Jul 23 17:31 bind-libs-9.3.5P1-0.1.i586.rpm
154145 Jul 23 17:31 bind-lwresd-9.3.5P1-0.1.i586.rpm
168469 Jul 23 17:31 bind-utils-9.3.5P1-0.1.i586.rpm

Compiled for 10.0 and 10.1, no problems :wink: