Problem.
===
I'm working on getting a DHCP / Bind / DDNS server set up. When a client
receives
an IP address lease, I want the forward / reverese zones files updated
so
name lookups behave appropriately / as expected.
After a couple of
Hi Jim,
I'm getting either of the following errors:
dhcpd: unable to add reverse map from 51.20.10.172.in-addr.arpa. to
proccilapxp.dhcp.coloradostudios.com
http://proccilapxp.dhcp.coloradostudios.com: bad DNS key
dhcpd: unable to add reverse map from 51.20.10.172.in-addr.arpa. to
Note:
This email advisory is provided for your information. The most
up to date advisory information will always be at:
https://kb.isc.org/article/AA-00871 please use this URL for the
most up to date advisory information.
---
A critical defect in BIND 9 allows an attacker to cause
On Sun, Mar 24, 2013 at 04:55:13PM -0700,
blrmaani blrma...@gmail.com wrote
a message of 17 lines which said:
I am developing a monitoring script for internal use and this
requires extensive querying of TLD nameservers (a .. m).tld servers.
[TLD operator hat on.]
Hard to ansdwer without
Hello,
if I understand correctly, this isn't issue in BIND itself but it is some memory
leak in underlying regexp library (glibc in Linux case). Can you please clarify
which exact flaw in glibc (or other regex implementation) makes BIND vulnerable
to remote DoS? Is it already reported to regex
Introduction
BIND 9.8.4-P2 is a security-fix release, superceding BIND 9.8.4-P1
as the latest production release of BIND 9.8.
This document summarizes changes from BIND 9.8.3 to BIND 9.8.4-P2.
Please see the CHANGES file in the source code release for a
complete list of all
Introduction
BIND 9.9.2-P2 is a security-fix release, superceding BIND 9.9.2-P1
as the latest production release of BIND 9.9.
This document summarizes changes from BIND 9.9.1 to BIND 9.9.2-P2.
Please see the CHANGES file in the source code release for a
complete list of all
Dear Adam,
In order to minimize exploitation, we are trying to not spell out the
specific nature of the flaw publicly. I will respond to you directly
with a more detailed explanation.
Regards,
Jeff Wright
___
Please visit
I have a request for clarification:
The workaround states to rebuild BIND with regexp support disabled.
And I see new versions of BIND have been released.
Are those versions just a rebuild with regexp support disabled?
Or are they a more comprehensive fix?
thanks.
--
Jack Tavares
On 3/26/13 10:05 AM, Jack Tavares wrote:
I have a request for clarification:
The workaround states to rebuild BIND with regexp support disabled.
And I see new versions of BIND have been released.
Are those versions just a rebuild with regexp support disabled?
Or are they a more comprehensive
Thank you.
--
Jack Tavares
From: ISC Support Staff [support-st...@isc.org]
Sent: Tuesday, March 26, 2013 11:08
To: Jack Tavares
Cc: bind-us...@isc.org
Subject: Re: ISC Security Advisory: CVE-2013-2266: A Maliciously Crafted
Regular Expression Can Cause
Dear Matus,
I think you got my point. Yes. I am using Stateful Firewall and not sure my DNS
server connecting to remote DNS on non standard port?
So where i need to now look?
Regards
Papdheen M
From: Matus UHLAR - fantomas uh...@fantomas.sk
To:
Dear Brown,
I am using Stateful firewall from leading vendor company. So let me know why
still my server initiate connection to remote DNS server on non standard
destination port?
Regards
Babu
From: wbr...@e1b.org wbr...@e1b.org
To: babu dheen
Dear Vernon,
Thanks for your wonderful and detailed reply. I read the update given by you as
below.
Many stateful firewalls can also record the source and destination
IP addresses and port numbers of outgoing UDP packets and allow
subsequent incoming UDP packets with source and destination
In message 1364323396.89012.yahoomail...@web190806.mail.sg3.yahoo.com, babu d
heen writes:
Dear Brown,
I am using Stateful firewall from leading vendor company.
And you have not configured it correctly.
So let me know
why still my server initiate connection to remote DNS server on non
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Niall already answered you the other day (brackets mine):
The reply to such a query [from your server] originates from port 53
on the remote server, and is destined for the port on your server
which was used as the source of the query[, which will be
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
It sounds like exactly the reverse of what Niall described in his
other e-mail (brackets mine):
The reply to such a query originates from port 53 on the remote
server [in this case, your server], and is destined for the port on
your server [in this
On Mar 26, 2013, at 3:09 PM, Novosielski, Ryan novos...@umdnj.edu wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
It sounds like exactly the reverse of what Niall described in his
other e-mail (brackets mine):
The reply to such a query originates from port 53 on the remote
server
Maybe I can try.
In the very old days - when BIND as a recursive resolver was chasing
down an answer to a question, it would sent the remote authoritative DNS
server the query in a UDP packet which has a query ID which was numbered
sequentially.
This was bad as bad people could guess your next
Thanks Graham,
I appreciate the hints. However, I'm still having problems (after finding
a few more how-to's). Any other pointers / tips on what to look for?
Jim
Mar 26 14:18:24 dns04 dhcpd: DHCPRELEASE of 172.10.20.51 from
00:0b:cd:33:b6:49 (proccilapxp) via eth1 (found)
Mar 26 14:18:31
In message 20130326163235.ga31...@redhat.com, Adam Tkac writes:
Hello,
if I understand correctly, this isn't issue in BIND itself but it is some
memory
leak in underlying regexp library (glibc in Linux case). Can you please
clarify
which exact flaw in glibc (or other regex
In message camz8b4edupzje_uqespzqvs-oqwpy6hj2wasz9el397gen0...@mail.gmail.com
, Jim Bucks writes:
Thanks Graham,
I appreciate the hints. However, I'm still having problems (after finding
a few more how-to's). Any other pointers / tips on what to look for?
Jim
Fix the view to
I installed bind using the default settings in the
installer. I successfully generated a rndc.key file. I
needed to populate the etc folder, so I downloaded the
Ubuntu version of bind and extracted the contents of /etc
and put them in Windows version of etc. I went through
the files one by
I have no idea how things work on Windows, but I doubt directory is optional.
- Original Message -
From: Joanne Homier [mailto:joanne.hom...@gmail.com]
Sent: Tuesday, March 26, 2013 11:30 PM
To: bind-users@lists.isc.org bind-users@lists.isc.org
Subject: Having trouble setting up BIND
24 matches
Mail list logo