Hack Attempt?
Found this entry in external named log:

    Mar 26 20:07:18 local@mercury named[4043]: [ID 873579 daemon.notice] client 72.13.58.93#39043: view outhouse: notify question section contains no SOA

This IP is not one of mine. Does the word 'notify' relate to zone transfers or something else?

Thanks

John Manson
CAO/HIR/NAF Data-Communications | U.S. House of Representatives | Washington, DC 20515
Desk: 202-226-4244 | TCC: 202-226-6430 | john.man...@mail.house.gov

___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: Hack Attempt?
On 27/03/13 15:57, Manson, John wrote:
> Found this entry in external named log:
>
>     Mar 26 20:07:18 local@mercury named[4043]: [ID 873579 daemon.notice] client 72.13.58.93#39043: view outhouse: notify question section contains no SOA
>
> This IP is not one of mine. Does the word ‘notify’ related to zone transfers or something else.

NOTIFY is a type of DNS message that a master sends to slaves to tell them a new zone is available now (rather than waiting for the refresh to expire).

You wouldn't normally expect to see NOTIFY from clients, but maybe that IP is (or thinks it is) a master for a zone you slave?

It might be someone just playing (testing, etc.) or a typo (packet sent to wrong nameserver). It's unlikely to be a concerted hack, but even if it was it wouldn't matter because you're all up-to-date with patches, right?

Our authoritative resolvers get a *tremendous* amount of crap that they shouldn't see. From this, I conclude there's a lot of broken or malicious stuff out there, but there's no real solution.

Re: Hack Attempt?
> You wouldn't normally expect to see NOTIFY from clients, but maybe that IP is (or thinks it is) a master for a zone you slave?

or it thinks it is an authoritative slave and hasn't been told with "notify master-only;" to not send NOTIFY messages.

http://ftp.isc.org/isc/bind9/cur/9.9/doc/arm/Bv9ARM.ch06.html#options

    notify
        If yes (the default), DNS NOTIFY messages are sent when a zone the server is authoritative for changes, see the section called Notify. The messages are sent to the servers listed in the zone's NS records (except the master server identified in the SOA MNAME field), and to any servers listed in the also-notify option.

        If master-only, notifies are only sent for master zones. If explicit, notifies are sent only to servers explicitly listed using also-notify. If no, no notifies are sent.

Vernon Schryver
v...@rhyolite.com

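The question this thread keeps coming back to is whether the sender is a master for a zone you slave. The following is an added example, not code from the thread or from BIND: it groups NOTIFY-related named log entries by sender and marks the senders that are not on a list of known masters. `KNOWN_MASTERS` and every sample line except the first (the entry quoted in the thread) are constructed for illustration.

```python
import re
from collections import defaultdict
from ipaddress import ip_address

# Assumption: the masters for the zones this server slaves (documentation address).
KNOWN_MASTERS = {ip_address("192.0.2.53")}

# Constructed sample; only the first line is the entry quoted in the thread.
SAMPLE_LOG = """\
Mar 26 20:07:18 local@mercury named[4043]: [ID 873579 daemon.notice] client 72.13.58.93#39043: view outhouse: notify question section contains no SOA
Mar 26 20:09:02 local@mercury named[4043]: [ID 873579 daemon.info] client 192.0.2.53#53211: view outhouse: received notify for zone 'example.com'
Mar 26 20:11:40 local@mercury named[4043]: [ID 873579 daemon.notice] client 72.13.58.93#41877: view outhouse: notify question section contains no SOA
Mar 26 20:12:05 local@mercury named[4043]: [ID 873579 daemon.info] client 198.51.100.7#5353: view outhouse: query (cache) 'example.org/A/IN' denied
"""

CLIENT_RE = re.compile(
    r"named\[\d+\]: .*?client (?P<ip>[0-9A-Fa-f.:]+)#(?P<port>\d+): "
    r"(?:view (?P<view>\S+): )?(?P<msg>.*)$"
)

def notify_sources(log_text, known_masters=KNOWN_MASTERS):
    """Group NOTIFY-related client entries by sender address."""
    seen = defaultdict(lambda: {"count": 0, "views": set(), "messages": set()})
    for line in log_text.splitlines():
        m = CLIENT_RE.search(line)
        if not m or "notify" not in m["msg"].lower():
            continue  # not a client entry, or nothing to do with NOTIFY
        try:
            ip = ip_address(m["ip"])
        except ValueError:
            continue  # malformed address field, skip the line
        entry = seen[ip]
        entry["count"] += 1
        entry["views"].add(m["view"])
        entry["messages"].add(m["msg"])
    return {
        str(ip): {**e, "known_master": ip in known_masters}
        for ip, e in seen.items()
    }

def unexpected_senders(report):
    """Senders of NOTIFY traffic that are not configured masters."""
    return sorted(ip for ip, e in report.items() if not e["known_master"])

if __name__ == "__main__":
    for ip, e in notify_sources(SAMPLE_LOG).items():
        print(ip, e["count"], "known" if e["known_master"] else "UNEXPECTED")
```
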
make test fails on Fedora 10
Several months ago, I reported that several of the make tests were failing due to "couldn't start server ns2" and the like.

Working with the BIND 9.9.2-P2 compile, I just spent several minutes tracking the source of this down with some judicious use of 'print' in the 'bin/tests/system/start.pl' script and viewing the '*.run' output. It really comes down to file permissions -- a particular line from 'bin/tests/system/inline/ns1/named.run' pointed me in that direction:

    27-Mar-2013 14:24:53.970 could not open file 'named.pid': Permission denied

Apparently, the file ownerships for this entire test suite are for a user and group I do not have:

    -rw-rw-r-- 1 10292 9901 2806 Mar 6 11:56 run.sh

For the tests, BIND starts up with an empty group descriptor:

    I:issuing command '/home/luther/bind-9.9.2-P2/bin/named/named -m record,size,mctx -T clienttest -c named.conf -d 99 -g named.run 21 echo $!'
    I:Checking that reconfiguring empty zones is silent (1)

... which may be part of the problem, at least in my case.

So I cheated by issuing a

    find . -type d -exec chmod 777 {} \;

command. Now, all the tests are successful.

FYI in case anyone runs into this issue.

Dan Luther
Operations Engineer
Systems Operation Engineering
Level 3 Communications
One Technology Center, Tulsa OK 74103
p: 918-547-4370
e: dan.lut...@level3.com

FW: CVE-2013-2266 Question
In the work around section of this notice, it talks about 'make clear' and editing a file statement. No problem with that.

Does 'make clear' affect the running named or is it best to stop named and start it afterward?

Do I also need to run configure again or just make?

Will dig and rndc be updated as well?

Thanks

John Manson
CAO/HIR/NAF Data-Communications | U.S. House of Representatives | Washington, DC 20515
Desk: 202-226-4244 | TCC: 202-226-6430 | john.man...@mail.house.gov

RE: CVE-2013-2266 Question
John,

You do not need to run the configure script again if you're compiling from the same directory you have compiled from previously. Just edit the specified file(s), then run

    make clean
        (and it is make clean, not make clear - this removes previously compiled objects from your build directories)
    make
        (then change to superuser or other user able to install software on your system)
    make install

If you do not stop and start BIND, you will have the same vulnerable binary running on your system that you had before the install. You'll need to stop named and start the updated binary for the source code changes you compiled to take effect on your system.

-Rich

From: bind-users-bounces+rgoodson=mediacomllc@lists.isc.org [bind-users-bounces+rgoodson=mediacomllc@lists.isc.org] on behalf of Manson, John [john.man...@mail.house.gov]
Sent: Wednesday, March 27, 2013 2:56 PM
To: bind-users@lists.isc.org
Subject: FW: CVE-2013-2266 Question

> In the work around section of this notice, it talks about ‘make clear’ and editing a file statement. No problem with that.
>
> Does ‘make clear’ affect the running named or is it best to stop named and start it afterward?
>
> Do I also need to run configure again or just make?
>
> Will dig and rndc be updated as well?
>
> Thanks
>
> John Manson
> CAO/HIR/NAF Data-Communications | U.S. House of Representatives | Washington, DC 20515
> Desk: 202-226-4244 | TCC: 202-226-6430 | john.man...@mail.house.gov

Re: make test fails on Fedora 10
On Wed, 27 Mar 2013, Luther, Dan wrote:
> For the tests, BIND starts up with an empty group descriptor:
>
>     I:issuing command '/home/luther/bind-9.9.2-P2/bin/named/named -m record,size,mctx -T clienttest -c named.conf -d 99 -g named.run 21 echo $!'

I guess you are talking about -g. It is not a switch for group.

Re: make test fails on Fedora 10
On Wed, 27 Mar 2013, Luther, Dan wrote:
> Working with the BIND 9.9.2-P2 compile, I just spent several minutes tracking the source of this down with some judicious use of 'print' in the 'bin/tests/system/start.pl' script and viewing the '*.run' output. It really comes down to file permissions -- a particular line from 'bin/tests/system/inline/ns1/named.run' pointed me in that direction:
>
>     27-Mar-2013 14:24:53.970 could not open file 'named.pid': Permission denied
>
> Apparently, the file ownerships for this entire test suite are for a user and group I do not have:
>
>     -rw-rw-r-- 1 10292 9901 2806 Mar 6 11:56 run.sh

I assume you extracted the tarball as root. If you are using GNU tar, have a look at the --same-owner documentation in the manual page about this.

Maybe your problem will go away if you extract as yourself.

RE: make test fails on Fedora 10
So it's not.

Dan Luther
Operations Engineer
Systems Operation Engineering
Level 3 Communications
One Technology Center, Tulsa OK 74103
p: 918-547-4370
e: dan.lut...@level3.com

-Original Message-
From: Jeremy C. Reed [mailto:jr...@isc.org]
Sent: Wednesday, March 27, 2013 3:17 PM
To: Luther, Dan
Cc: 'bind-us...@isc.org'
Subject: Re: make test fails on Fedora 10

> On Wed, 27 Mar 2013, Luther, Dan wrote:
> > For the tests, BIND starts up with an empty group descriptor:
> >
> >     I:issuing command '/home/luther/bind-9.9.2-P2/bin/named/named -m record,size,mctx -T clienttest -c named.conf -d 99 -g named.run 21 echo $!'
>
> I guess you are talking about -g. It is not a switch for group.

Re: RHEL, Centos, Fedora rpm 9.9.2-p2
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

http://www.five-ten-sg.com/util/bind-9.9.2-0.3.P2.fc18.src.rpm

EL4:
    rpmbuild --rebuild --define 'dist .el4' \
        bind-9.9.2-0.3.P2.fc18.src.rpm

EL5:
    rpmbuild --rebuild --define 'dist .el5' \
        bind-9.9.2-0.3.P2.fc18.src.rpm

EL6:
    rpmbuild --rebuild --define 'dist .el6' \
        bind-9.9.2-0.3.P2.fc18.src.rpm

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.14 (GNU/Linux)

iEYEARECAAYFAlFTbpcACgkQL6j7milTFsEm4QCgiYp9Z7ixse/GSixAGbdsgfui
w34An0NaD2cO4P3fzhvTkcW/m2pfZR8Q
=2PPT
-----END PGP SIGNATURE-----

Re: Having trouble setting up BIND 9.9.2-P2 on Win XP PRO SP3, won't start
On 3/26/2013 9:40 PM, Novosielski, Ryan wrote:
> I have no idea how things work on Windows, but I doubt directory is optional.
>
> - Original Message -
> From: Joanne Homier [mailto:joanne.hom...@gmail.com]
> Sent: Tuesday, March 26, 2013 11:30 PM
> To: bind-users@lists.isc.org
> Subject: Having trouble setting up BIND 9.9.2-P2 on Win XP PRO SP3, won't start
>
> > I installed bind using the default settings in the installer. I successfully generated a rndc.key file. I needed to populate the etc folder, so I downloaded the Ubuntu version of bind and extracted the contents of /etc and put them in Windows version of etc. I went through the files one by one and replaced Linux paths with Windows paths.
> >
> > So bind starts then immediately quits. The error report is below. I have included my config files. I am using bind only as a recursive resolver as my ISP DNS servers are super slow and they do DNS hijacking. I don't want to use any other DNS server other than the one running on my machine. I want to run my own DNS server for fun. So what could be wrong, what did I miss.
> >
> > named.conf:
> >
> >     include C:\WINDOWS\system32\dns\etc\named.conf.options;
> >     include C:\WINDOWS\system32\dns\etc\named.conf.local;
> >     include C:\WINDOWS\system32\dns\etc\named.conf.default-zones;

My named.conf was just fine. At least for the current version I didn't need to set the dir path, it appears to be auto set. Bind was failing to start because of a permissions issue. It couldn't open named.conf and after granting permissions it worked. This Windows machine now has a working resolver and is much faster than other remote DNS servers. Normally I only use Ubuntu and bind setup is much easier there.

Re: make test fails on Fedora 10
BIND 9 is set up to be built and tested as an ordinary user. You only need to be root to configure the test interfaces and to do the final install.

On Linux named drops root's abilities to override file permissions so when you extract the tarball as root you get files/directories with non root ownerships which named cannot write to.

--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742
INTERNET: ma...@isc.org

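The "Permission denied" on named.pid comes down to which directories the test user can create files in. The following is an added example, not part of the thread or of the BIND test suite: it lists only those directories, using plain owner/group/other mode bits with no root override (the behaviour described above for named on Linux), so the problem can be located without making every directory mode 777. Function names are illustrative, and ACLs or other access controls are not considered (assumption).

```python
import os
import stat

def class_bits(st, uid, gids):
    """Return the rwx bits that apply to uid/gids: owner, else group, else other.

    No root override is applied (assumption: this models a process that has
    given up the ability to bypass file permissions).
    """
    if st.st_uid == uid:
        return (st.st_mode >> 6) & 0o7
    if st.st_gid in gids:
        return (st.st_mode >> 3) & 0o7
    return st.st_mode & 0o7

def blocked_dirs(root, uid, gids=frozenset()):
    """List (path, owner_uid, owner_gid, octal_mode) for every directory under
    root where uid/gids lack write+search permission, i.e. where creating a
    file such as named.pid would fail."""
    blocked = []
    for dirpath, _dirs, _files in os.walk(root):
        st = os.stat(dirpath)
        if (class_bits(st, uid, gids) & 0o3) != 0o3:  # need w (2) and x (1)
            blocked.append((dirpath, st.st_uid, st.st_gid,
                            oct(stat.S_IMODE(st.st_mode))))
    return blocked

if __name__ == "__main__":
    import sys
    tree = sys.argv[1] if len(sys.argv) > 1 else "."
    for path, uid, gid, mode in blocked_dirs(tree, os.getuid(),
                                             set(os.getgroups())):
        print(f"{path}: owner {uid}:{gid} mode {mode}")
```
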