Bugtraq mailing list archives

DNS without NSD on Irix 6.5


From: adam () ALGROUP CO UK (Adam Laurie)
Date: Tue, 9 Feb 1999 10:18:43 +0000


In a previous thread we hinted at problems with the "nsd" service on
Irix 6.5 - it uses NFS for internal communication, giving plenty of
potential exploit material... Indeed, it turns out that the Irix 6.5.3
overlays contain some "fixes" for this...

As usual, we have some good news and some bad news:

The Bad News: The 6.5.3 overlays make no visible difference to the
operation of nsd. i.e. UDP ports are still open all over the place, so
the "fixes" are presumably of the internal access control type.

The Good News: If you have full source for your application, you can
bypass the Irix resolver libraries altogether and use bind instead.
Simply build/install bind-8.1.2, tweak your application's cc flags with
something like "-L /usr/local/bind/lib -l bind" and rebuild at gas mark
2 for 12 minutes.

cheers,
Adam
--
Adam Laurie                   Tel: +44 (181) 742 0755
A.L. Digital Ltd.             Fax: +44 (181) 742 5995
Voysey House
Barley Mow Passage            http://www.aldigital.co.uk
London W4 4GB                 mailto:adam () algroup co uk
UNITED KINGDOM                PGP key on keyservers


