nanog mailing list archives
Re: New addresses for b.root-servers.net
From: William Herrin <bill () herrin us>
Date: Sun, 4 Jun 2023 13:19:18 -0700
On Sun, Jun 4, 2023 at 7:41 AM Izaac <izaac () setec org> wrote:
It's not a security update. It's a configuration change.
Hi Izaac, Perhaps you missed my subsequent message where I pointed out that the IP address is hard-coded in Bind which will use it by default unless configured not to.
It's also not a vulnerability. A vulnerability, as defined by MITRE for CVE is: "A weakness in the computational logic (e.g., code) found in software and hardware components that, when exploited, results in a negative impact to confidentiality, integrity, or availability.
At an absolute minimum there's an impact to confidentiality since it causes Bind to announce itself to an IP address that is not a root server. If the user configured bind with DNSSEC validation disabled, it's also a negative impact to integrity and availability since the potential false responder can steer bind away from the true DNS tree. Like well known default passwords, for which there are many CVEs, it's a vulnerability. Regards, Bill Herrin -- William Herrin bill () herrin us https://bill.herrin.us/
Current thread:
- Re: New addresses for b.root-servers.net, (continued)
- Re: New addresses for b.root-servers.net William Herrin (Jun 01)
- Re: New addresses for b.root-servers.net Masataka Ohta (Jun 01)
- Re: New addresses for b.root-servers.net Jim (Jun 02)
- Re: New addresses for b.root-servers.net William Herrin (Jun 02)
- Re: New addresses for b.root-servers.net Matthew Petach (Jun 02)
- Re: New addresses for b.root-servers.net William Herrin (Jun 01)
- Re: New addresses for b.root-servers.net Matt Corallo (Jun 03)
- Re: New addresses for b.root-servers.net William Herrin (Jun 03)
- Re: New addresses for b.root-servers.net Matt Corallo (Jun 03)
- Re: New addresses for b.root-servers.net William Herrin (Jun 03)
- Re: New addresses for b.root-servers.net Izaac (Jun 04)
- Re: New addresses for b.root-servers.net William Herrin (Jun 04)
- Re: New addresses for b.root-servers.net Mark Andrews (Jun 04)
- Re: New addresses for b.root-servers.net William Herrin (Jun 04)
- Re: New addresses for b.root-servers.net Masataka Ohta (Jun 07)
- Re: New addresses for b.root-servers.net Izaac (Jun 07)
- Re: New addresses for b.root-servers.net William Herrin (Jun 07)
- Re: New addresses for b.root-servers.net Izaac (Jun 07)
- Re: New addresses for b.root-servers.net Michael Butler via NANOG (Jun 07)
- Re: New addresses for b.root-servers.net Izaac (Jun 07)
- Re: New addresses for b.root-servers.net William Herrin (Jun 07)
- Re: New addresses for b.root-servers.net Izaac (Jun 07)