Bind 8.2.2-P5 picking up bogus .com NS list

Kevin Darcy kcd at daimlerchrysler.com
Thu Aug 17 02:12:33 UTC 2000


Sorry, I overlooked the subject line. 8.2.2-p5 should be immune to this kind of
cache poisoning -- if it followed a referral to "pleasure-units.com", for
instance, then it should have ignored any "com" Authority data since it didn't
match the referral it followed.

I'm not sure how this happened, but the root cause is the bogus data
"myifriendsns1.webpower.com" is giving out. I have notified the appropriate
contacts.


- Kevin

Mark Suter wrote:

> Kevin,
>
> > Some moron configured their nameserver as master for "com",
> > apparently, and you picked up the bogus NS from an answer from
> > that server. Older versions of BIND were susceptible to this
> > kind of cache poisoning.
>
> I thought that Bind 8.2.2-P5 was not susceptible to cache
> poisoning.  Have you seen this problem before with 8.2.2-P5?
>
> > What version are you running?
>
> As the subject suggests, I am running the binary I compiled
> after downloading the following files in November last year and
> checking the PGP signature.
>
>     ftp://ftp.isc.org/isc/bind/src/8.2.2-P5/bind-src.tar.gz
>     ftp://ftp.isc.org/isc/bind/src/8.2.2-P5/bind-src.tar.gz.asc
>
> > Maybe it's time to upgrade...
>
> I've just checked http://www.isc.org/products/BIND/ and 8.2.2-P5
> appears to be the current release.  To which version do you
> suggest I upgrade?
>
> Yours sincerely,
>
> -- Mark John Suter  | I know that you  believe  you understand
> suter at humbug.org.au | what you think I said, but I am not sure
> GPG key id F2FEBB36 | you realise that what you  heard  is not
> Ph: +61 4 1126 2316 | what I meant.                  anonymous
>
> -- Attached file included as plaintext by Listar --
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.0.2 (GNU/Linux)
> Comment: Public key available from Keyservers or http://www.uq.edu.au/~suter/
>
> iD8DBQE5mzNk7EsZXfL+uzYRAjjZAJ9vIt3vj6fvxsHT97TxQhz9RLcrqQCgilGD
> zayKQ+YgpPLKHP1DPuj7jPA=
> =ovZp
> -----END PGP SIGNATURE-----






More information about the bind-users mailing list