Root Name Servers won't respond to named.

Brad Knowles brad.knowles at skynet.be
Tue Mar 27 22:21:37 UTC 2001


At 10:52 AM -0700 3/27/01, milton at calnek.com wrote:

>  I'm reluctant to upgrade beyond what comes from redhat.  I don't
>  believe that's what the problem is.  I was previously at 8.2.2 and
>  all of a sudden it stopped working.

	Problem is, BIND 8.2.2 has a root compromise that means anyone in 
the world can own your machine in nanoseconds.  There's even a Linux 
"worm" going around that will automatically compromise any vulnerable 
machine it encounters.  See 
<http://www.securityfocus.com/templates/headline.html?id=10851> and 
<http://www.securityfocus.com/bid/2302>.  Note that the latter is 
dated January 29, 2001.

	Obviously, you're one of the sites that would be compromised by 
the Linux Lion Worm (and probably already has been), since you didn't 
apply the update to your machines when the problem was first 
published in January.


	I still suggest getting at least 8.2.3-REL and installing it on 
your machines, if not trying the latest release candidate for 9.1.1 
(currently at 9.1.1rc7).  Ideally, you'd also download the source 
code and compile it for yourself, because you can't be sure that the 
binary RPMs you download have not themselves been trojaned.
-- 
Brad Knowles, <brad.knowles at skynet.be>

/*        efdtt.c  Author:  Charles M. Hannum <root at ihack.net>          */
/*       Represented as 1045 digit prime number by Phil Carmody         */
/*     Prime as DNS cname chain by Roy Arends and Walter Belgers        */
/*                                                                      */
/*     Usage is:  cat title-key scrambled.vob | efdtt >clear.vob        */
/*   where title-key = "153 2 8 105 225" or other similar 5-byte key    */

dig decss.friet.org|perl -ne'if(/^x/){s/[x.]//g;print pack(H124,$_)}'

