Great.
Thanks

Fernando

On Thu, 2008-07-24 at 08:50 -0500, Troy Dawson wrote:
> Perhaps you should read more closely
>
> Fernando Rannou wrote:
> > I just read in the newspaper there is a "virus" running
> > around that affects DNS that operate with a cache or resolver server.
> > So we could all be vulnerable to cache poisoning or spoofing.
> >
> > Take a look at
> > http://www.kb.cert.org/vuls/id/800113
>
> If you look down at the affected vendors and look at RedHat, you will see it
> points to
> http://www.kb.cert.org/vuls/id/MIMG-7ECLBD
> which points to
> https://rhn.redhat.com/errata/RHSA-2008-0533.html
> which shows that it has already been patched, and the patch pushed out.
> Do we have it pushed out in Scientific Linux?
> Sure, we have these pushed out and announced at
> http://listserv.fnal.gov/scripts/wa.exe?A2=ind0807&L=scientific-linux-errata&T=0&X=3417C00DB65A487ABD&Y=dawson%40fnal.gov&P=432
> http://listserv.fnal.gov/scripts/wa.exe?A2=ind0807&L=scientific-linux-errata&T=0&X=3417C00DB65A487ABD&Y=dawson%40fnal.gov&P=1067
>
> Could you be infected?
> Only if you have turned off your autoupdates.
>
> Troy
>
> > http://www.isc.org/index.pl?/sw/bind/forgery-resilience.php
> > http://www.microsoft.com/technet/security/Bulletin
> > http://www.cisco.com/warp/public/707/cisco-sa-20080708-dns.shtml
> > http://news.oreilly.com/2008/07/dan-kaminsky-upgrade-your-dns.html
> >
> > Fernando Rannou
> >
> > On Thu, 2008-07-24 at 00:43 -0700, Keith Lofstrom wrote:
> >> On Wed, Jul 23, 2008 at 12:07:06AM -0700, Keith Lofstrom wrote:
> >>> There was a flurry of upgrades to BIND/named about a week ago. Over
> >>> the last few days, I have noticed a few DNS failures (but that may
> >>> be coincidental). I am learning to read debug output and developing
> >>> a better understanding of named.conf (set up by a consultant 5 years
> >>> ago) and so on, but meanwhile, is anyone else having problems?
> >>>
> >>> Try "dig ns1.hostica.com +trace" and see if it fails.
> >>>
> >>> Keith
> >> In my case, it turned out to be a couple of things. The DNS UDP
> >> packets seem to be a bit longer now. I am currently connected to
> >> Verizon FIOS through an Actiontec cable modem/router, which some
> >> websites say truncates UDP packets to 512 bytes, in accordance
> >> with RFC negative 666. :-) That caused problems with hostica
> >> and others. I changed /etc/named.conf to a policy of forward
> >> first, and used the Verizon nameservers as forwarders, taking out
> >> the lookup through the root nameservers. Verizon does some goofy
> >> things with nonexistent URLs, but I can live with that for now.
> >>
> >> Keith
> >>
> >> --
> >> Keith Lofstrom [EMAIL PROTECTED] Voice (503)-520-1993
> >> KLIC --- Keith Lofstrom Integrated Circuits --- "Your Ideas in Silicon"
> >> Design Contracting in Bipolar and CMOS - Analog, Digital, and Scan ICs
> >>
> --
> __________________________________________________
> Troy Dawson [EMAIL PROTECTED] (630)840-6468
> Fermilab ComputingDivision/LCSI/CSI DSS Group
> __________________________________________________
>
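The failure mode mentioned in the quoted thread, DNS replies over UDP being cut at 512 bytes by a device in the path, can be told apart from a server's own truncation signal (the TC bit) by walking the records the reply header promises. This is an added example, not part of any message in this thread; the function names and the sample reply for example.com are constructed for illustration.

```python
import struct

CLASSIC_UDP_LIMIT = 512  # DNS-over-UDP message limit when EDNS0 is not honoured

def build_response(n_answers, tc=False):
    """Constructed sample: a reply for example.com with n 50-byte TXT answers."""
    flags = 0x8180 | (0x0200 if tc else 0)           # QR, RD, RA (+ TC if asked)
    msg = struct.pack("!HHHHHH", 0x1234, flags, 1, n_answers, 0, 0)
    msg += b"\x07example\x03com\x00" + struct.pack("!HH", 16, 1)
    rdata = bytes([49]) + b"x" * 49
    rr = b"\xc0\x0c" + struct.pack("!HHIH", 16, 1, 300, len(rdata)) + rdata
    return msg + rr * n_answers

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        if off >= len(msg):
            raise IndexError("name runs past end of message")
        length = msg[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:    # a compression pointer is always 2 bytes
            return off + 2
        off += 1 + length

def diagnose(msg):
    """Classify a UDP reply: 'tc-set', 'cut-in-transit', 'complete', 'malformed'."""
    if len(msg) < 12:
        return "malformed"
    flags, qd, an, ns, ar = struct.unpack("!2xHHHHH", msg[:12])
    if flags & 0x0200:
        return "tc-set"              # sender truncated cleanly; retry over TCP
    off = 12
    try:
        for _ in range(qd):          # question: name + type + class
            off = skip_name(msg, off) + 4
        for _ in range(an + ns + ar):
            off = skip_name(msg, off)
            rdlen = struct.unpack_from("!H", msg, off + 8)[0]
            off += 10 + rdlen        # type, class, ttl, rdlength, rdata
    except (IndexError, struct.error):
        return "cut-in-transit"      # header promises records that are missing
    return "complete" if off <= len(msg) else "cut-in-transit"

if __name__ == "__main__":
    full = build_response(10)
    for label, pkt in [("intact", full), ("chopped", full[:CLASSIC_UDP_LIMIT]),
                       ("server-truncated", build_response(0, tc=True))]:
        print(label, len(pkt), diagnose(pkt))
```

A reply classified as `cut-in-transit` points at the path (router or firewall) rather than at the name server, which is the case where forwarding through the upstream resolvers works around the problem.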
