Re: Bind 9.16.1 crash

2022-12-07 Thread G.W. Haywood via bind-users
Hi there, On Thu, 8 Dec 2022, Ondřej Surý wrote: The "we don't update upstream version" policy works well only if you carefully pick upstream version. Instead this is snapshot of Debian at random point ... Somewhat OT, but this applies to more or less all software which you might think of as

Re: Bind 9.16.1 crash

2022-12-07 Thread Ondřej Surý
> On 8. 12. 2022, at 7:57, Ben Bridges wrote: > > When you say “ISC packages”, are you referring to the packages in the > ppa:isc/bind repository on launchpad? Yes, you can find the links here: https://www.isc.org/download/ Ondrej -- Ondřej Surý (He/Him) ond...@isc.org My working hours and

Re: What is the meaning of an ecs log

2022-12-07 Thread Mik J via bind-users
Thank you for your answer and pointing out this information. When I showed you this message client @0x53eda9122d0 172.16.11.2#48171 (example.org): query: example.org IN A -E(0)DC (1.2.3.4) [ECS 192.168.2.0/24/0 This query was to my authoritative server which holds example.org The client IP is a

RE: Bind 9.16.1 crash

2022-12-07 Thread Ben Bridges
When you say “ISC packages”, are you referring to the packages in the ppa:isc/bind repository on launchpad? Ben Bridges From: Ondřej Surý Sent: Thursday, December 8, 2022 12:26 AM To: Ben Bridges Cc: Emmanuel Fusté ; bind-users@lists.isc.org Subject: Re: Bind 9.16.1 crash In fact, it’s as

Re: Bind 9.16.1 crash

2022-12-07 Thread Ondřej Surý
In fact, it’s as far from being “fully patched” as possible. Not all bugs are security bugs and not all crashes are security bugs. Ubuntu is pushing a version that has received most refactoring in the networking code in the recent history. The “we don’t update upstream version” policy works well

Re: What is the meaning of an ecs log

2022-12-07 Thread Darren Ankney
Found the answer in the manual: "Finally, if any CLIENT-SUBNET option was present in the client query, it is included in square brackets in the format [ECS address/source/scope]." https://bind9.readthedocs.io/en/v9_18_9/reference.html#namedconf-statement-category On Wed, Dec 7, 2022 at 8:25 PM

Re: What is the meaning of an ecs log

2022-12-07 Thread Mik J via bind-users
Hello Darren, The entire message is client @0x53eda9122d0 172.16.11.2#48171 (example.org): query: example.org IN A -E(0)DC (1.2.3.4) [ECS 192.168.2.0/24/0] The version is: 9.18.7 It's both authoritative and recursive. On Thursday, 8 December 2022 at 01:56:57 UTC+1, Darren Ankney wrote:

Re: What is the meaning of an ecs log

2022-12-07 Thread Darren Ankney
Is that the entire log message or just part of it? Is this a recursive or authoritative name server? What version of bind? Logging is covered in the manual though I don't really see a comprehensive explanation of message format (maybe it's there and I'm just not seeing it).

What is the meaning of an ecs log

2022-12-07 Thread Mik J via bind-users
Hello, I see logs like [ECS 192.168.2.0/24/0] but I don't understand what is the last /0 part. Where can I get an explanation? Regards

Re: Bind 9.16.1 crash

2022-12-07 Thread stuart@registry.godaddy
As the packages maintained by the Ubuntu team are “no longer” the source from ISC (but highly modified patches onto an old 9.16.1 source tree), I’d suggest following up with the Ubuntu maintainers of the package, as it’s likely their back-porting of security patches from much more recent

RE: Bind 9.16.1 crash

2022-12-07 Thread Ben Bridges
It looks like that issue was occurring in a different part of the netmgr code and was fixed 8 months ago. Thanks, Ben Bridges From: bind-users On Behalf Of Andrew Latham Sent: Wednesday, December 7, 2022 2:35 PM Cc: bind-users@lists.isc.org Subject: Re: Bind 9.16.1 crash I see

RE: Bind 9.16.1 crash

2022-12-07 Thread Ben Bridges
According to the Ubuntu maintainers, the bind9 package on our server (1:9.16.1-0ubuntu2.11) is fully patched for all the BIND 9 CVE's including the latest batch of 6 released on 2022-09-21 (CVE-2022-38178, CVE-2022-38177, CVE-2022-3080, CVE-2022-2906, CVE-2022-2881, and CVE-2022-2795). From:

Re: Bind 9.16.1 crash

2022-12-07 Thread Emmanuel Fusté
Current ESV : 9.16.35 No, your release is not patched. Add the ISC PPA repo and install the latest ESV. ISC PPA packages are packaged by the same maintainers. On Wed, 7 Dec 2022, 23:02, Ben Bridges wrote: > Ubuntu 20.04.5 is LTS and BIND 9.16 is the current stable ESV release, so > they’re

RE: Bind 9.16.1 crash

2022-12-07 Thread Ben Bridges
Ubuntu 20.04.5 is LTS and BIND 9.16 is the current stable ESV release, so they’re both still fully supported (and fully patched). Thanks, Ben Bridges From: bind-users On Behalf Of John Thurston Sent: Wednesday, December 7, 2022 2:32 PM To: bind-users@lists.isc.org Subject: Re: Bind 9.16.1

Re: Bind 9.16.1 crash

2022-12-07 Thread Andrew Latham
I see https://gitlab.isc.org/isc-projects/bind9/-/issues/3020 and https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/5998 which might help. I did not see a CVE but only did a quick search. On Wed, Dec 7, 2022 at 12:33 PM Ben Bridges wrote: > Greetings. > > > > This morning one of our

Re: Bind 9.16.1 crash

2022-12-07 Thread John Thurston
To me, the next step is to get your instance of BIND somewhat up to date. I'm not a "gotta be on the bleeding edge" kinda guy, but running a version released in first quarter of 2020 is old even by my standards. Is there some business reason to keep running a +2 year old version of BIND? --

Bind 9.16.1 crash

2022-12-07 Thread Ben Bridges
Greetings. This morning one of our BIND daemons crashed. The following messages were logged in named.run at the time: 07-Dec-2022 11:58:37.097 general: critical: netmgr.c:687: REQUIRE((__builtin_expect(!!((sock) != ((void *)0)), 1) && __builtin_expect(!!(((const isc__magic_t *)(sock))->magic