Bugtraq mailing list archives
Re: root name server corruption, denial of service prob
From: markk () internic net (Mark Kosters)
Date: Thu, 21 Jul 1994 12:09:25 -0400 (EDT)
I was told that internic database had a corruption, someone fell asleep on their keyboard or something, anyway point is there are inaccurate records in there that need to be fixed up. I fyou depend on reverse lookups not lying to allow acces then you can get a denial of service.
Not quite true. A number of the root name servers (outside of our control) allowed recursion and got infected with bad data which in turn aided in spreading it to other non-recursive servers. The roots have since been fixed. We put in a patch to help aid in stopping this.
Restarting your nameserver should fix things, but if your BIND is pre 4.9 then it might be harder to get rid of the problems. It'd be a good idea to upgrade asap to BIND 4.9.2-940221. This should fix any refresh probs.
Bind 4.9.2-940221 is a bad idea especially for busy servers since it has a file descriptor leak. 4.9.3 is much better (now in beta). Here is info on where to get it: # Getting the bits is tricky. If you have 4.9.3-BETA7 PATCH1, you only need to # apply PATCH2 (included below). If you don't have BETA7 PATCH1 running, you # need to get them and then apply PATCH2 (see below). The files are all on # ftp.uu.net:~ftp in an unreadable directory called /private/bind: # # -rw-rw-r-- 1 vixie archive 1289153 Jul 11 03:56 bind-4.9.3-BETA7.tar.gz # -rw-rw-r-- 1 vixie archive 24196 Jul 19 18:56 b7p1 # -rw-rw-r-- 1 vixie archive 7023 Jul 19 18:56 b7p2 Mark -- Mark Kosters markk () internic net +1 703 742 4795 Software Engineer InterNIC Registration Services
Current thread:
- Re: yes, there's another hole in BIND, (continued)
- Re: yes, there's another hole in BIND Resident Hacker (Jul 22)
- Re: yes, there's another hole in BIND Paul A Vixie (Jul 22)
- Re: yes, there's another hole in BIND Perry E. Metzger (Jul 22)
- Re: yes, there's another hole in BIND Pat Myrto (Jul 22)
- Re: yes, there's another hole in BIND David Barr (Jul 22)
- Re: yes, there's another hole in BIND Joe Hentzel (Jul 22)
- *PLEASE* shut up Dave Sill (Jul 22)
- Re: Is starting a user program on priv port via inetd dangerous ? Graham Toal (Jul 22)
- Re: Sending escape sequences to xterms via wall/talk jmc () gnu ai mit edu (Jul 20)
- root name server corruption, denial of service prob Mark (Jul 21)
- Re: root name server corruption, denial of service prob Mark Kosters (Jul 21)
- Re: Escape sequences (was Wall and talkd pass binary data) Bruce Barnett (Jul 20)
- Re: Wall and talkd pass binary data G.J.W. Hagenaars (Jul 20)