bind8.2 security issues

Steve Foster fosters at uk.psi.com
Mon Jul 1 14:48:18 UTC 2002


At 12:55 01/07/02 GMT, phn at icke-reklam.ipsec.nu wrote:
>
>I found a solaris-8/sparc package from steve at smc.vnet.net; I have a copy
>on ftp://ftp.manet.nu/pub/bind/bind-9.2.1-sol8-sparc-local.gz (yes,
>you _should_ build your own, but to get running asap installing a package
>could be ok)

Hi,

I decided to build from scratch, and it seems to have gone okay. I have
started named with a modified version of the named.conf I used to use for
our 8.2.3 installations; certain things had to be removed for it to start,
such as the following:

named-xfer "/usr/local/sbin/named-xfer" ;

        topology {
                localhost;
                localnets;
                { 154.32/16; };
        };

Are these not used anymore, and is there an equivalent of named-xfer? This
is not something I need now, but will be when/if I build my secondary and
primary servers.

The startup shows the following:

Jul  1 15:41:30 testmonitor.europe.psi.com named[25973]: starting BIND
9.2.1 -u nobody -c /usr/local/etc/named.conf
Jul  1 15:41:30 hostname named[25973]: using 1 CPU
Jul  1 15:41:30 hostname named[25973]: loading configuration from
'/usr/local/etc/named.conf'
Jul  1 15:41:30 hostname named[25973]: no IPv6 interfaces found
Jul  1 15:41:30 hostname named[25973]: listening on IPv4 interface lo0,
127.0.0.1#53
Jul  1 15:41:30 hostname named[25973]: listening on IPv4 interface hme0,
154.8.2.126#53
Jul  1 15:41:30 hostname named[25973]: none:0: open:
/usr/local/etc/rndc.key: file not found
Jul  1 15:41:30 hostname named[25973]: couldn't add command channel
127.0.0.1#953: file not found
Jul  1 15:41:30 hostname named[25973]: no source of entropy found
Jul  1 15:41:30 hostname named[25973]: zones/named.127:1: no TTL specified;
using SOA MINTTL instead
Jul  1 15:41:30 hostname named[25973]: zone 127.in-addr.arpa/IN: loaded
serial 1
Jul  1 15:41:30 hostname named[25973]: zones/named.localhost:1: no TTL
specified; using SOA MINTTL instead
Jul  1 15:41:30 hostname named[25973]: zone localhost/IN: loaded serial 1
Jul  1 15:41:30 hostname named[25973]: running

Do I need to worry about rndc.key, or is this for something other than
resolving, and are there any specific options for named.conf to fix the
"couldn't add command channel 127.0.0.1#953: file not found" error?

My conf file is attached below. I couldn't find a sample resolver file; does
anybody have a 9-specific one I can review?

Many thanks

Steve

Conffile:

# more named.conf
options {
        directory "/usr/local/etc" ;
        pid-file "/var/domain/run/named.pid" ;
};

logging {
        channel xferlog {
                file "/var/domain/log/named-xfer" versions 5 size 1m;
                print-time yes;
                print-category yes;
                severity info;
        };

        category xfer-in { xferlog ; } ;
        category xfer-out { xferlog ; } ;
        category notify { xferlog ; } ;
        category lame-servers { null; };
        channel queries {
                file "/var/domain/log/queries" versions 5 size 10m;
                print-time yes;
                print-category no;
                print-severity yes;
        };
        category queries { queries ; } ;

};

zone "." {
        type hint ;
        file "zones/named.hint" ;
};

zone "127.in-addr.arpa" {
        type master ;
        file "zones/named.127" ;
};

zone "localhost" {
        type master ;
        file "zones/named.localhost" ;
};



Steve Foster
Senior Systems Administrator
PSINet Europe
Work: +44 (1223) 577322
Mobile: +44 (7720) 425911
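The two questions in the post (the BIND 8 directives that had to be removed, and the missing rndc.key behind the "couldn't add command channel" message) can both be checked mechanically. The script below is an added example, not code from the post or from ISC: a small linter for named.conf that flags `named-xfer` and `topology` (BIND 8 directives that BIND 9 does not accept; BIND 9 does zone transfers inside named, so there is no named-xfer replacement) and inspects the `controls` statement, reporting when it is absent (named then falls back to 127.0.0.1#953 and looks for rndc.key in its sysconfdir, which is what the log shows), bound to a non-loopback address, open to hosts other than loopback, or tied to an undeclared key. `SAMPLE_CONF` is a constructed sample: the post's file with the two removed directives put back. `rndc_stanza` writes the explicit loopback-only key/controls pair that makes the channel state visible in the config; the `hmac-md5` algorithm and the 16-byte random secret mirror what `rndc-confgen` generates, and the secret value in the test is a made-up placeholder.

```python
"""Lint a BIND 9 named.conf for BIND 8 leftovers and the rndc control channel.
Added example (not from the post or from ISC).  Constructed sample below."""
import base64
import os
import re

# Directives BIND 8 accepted that BIND 9 does not.
BIND8_ONLY = {
    "named-xfer": "BIND 9 has no named-xfer helper; delete the directive",
    "topology": "'topology' is not implemented in BIND 9; delete the block",
}
LOOPBACK = {"127.0.0.1", "::1", "localhost"}

# Constructed sample: the post's config with the two removed directives re-added.
SAMPLE_CONF = '''
options {
        directory "/usr/local/etc" ;
        pid-file "/var/domain/run/named.pid" ;
        named-xfer "/usr/local/sbin/named-xfer" ;
        topology {
                localhost;
                localnets;
                { 154.32/16; };
        };
};
logging {
        channel xferlog {
                file "/var/domain/log/named-xfer" versions 5 size 1m;
                severity info;
        };
        category xfer-in { xferlog ; } ;
};
zone "." { type hint ; file "zones/named.hint" ; };
zone "localhost" { type master ; file "zones/named.localhost" ; };
'''


def strip_comments(text):
    """Drop /* */, // and # comments (named.conf allows all three).  Naive:
    a '#' or '//' inside a quoted string would be cut off as well."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#).*", "", text)


def statement_keywords(text):
    """First word of every statement at any nesting depth.  Statements are
    'keyword args;' or 'keyword args { ... };', so splitting on ; { } is
    enough, and taking the keyword position keeps the log path
    /var/domain/log/named-xfer from being mistaken for the directive."""
    words = set()
    for piece in re.split(r"[;{}]", text):
        tok = piece.split()
        if tok:
            words.add(tok[0])
    return words


def top_level_statements(text):
    """(keyword, statement text) pairs for statements at brace depth 0."""
    out, depth, buf = [], 0, []
    for ch in text:
        buf.append(ch)
        if ch == "{":
            depth += 1
        elif ch == "}":
            depth -= 1
        elif ch == ";" and depth == 0:
            stmt = "".join(buf).strip()
            buf = []
            if stmt:
                out.append((stmt.split(None, 1)[0], stmt))
    return out


def remove_statement(text, keyword):
    """Delete every 'keyword ... ;' statement, brace-aware, at any depth.
    The keyword must start a statement (follow ; { } or a newline)."""
    pat = re.compile(r"(?:^|(?<=[;{}\n]))\s*" + re.escape(keyword) + r"(?![\w-])")
    while True:
        m = pat.search(text)
        if not m:
            return text
        i, depth = m.end(), 0
        while i < len(text):
            ch = text[i]
            if ch == "{":
                depth += 1
            elif ch == "}":
                depth -= 1
            elif ch == ";" and depth == 0:
                break
            i += 1
        text = text[:m.start()] + text[i + 1:]


def lint(conf):
    """Return a list of findings; an empty list means every check passed."""
    text = strip_comments(conf)
    present = statement_keywords(text)
    findings = ["%s: %s" % (kw, why) for kw, why in BIND8_ONLY.items() if kw in present]
    stmts = top_level_statements(text)
    declared = set()
    for kw, s in stmts:
        m = re.match(r'key\s+"?([^"\s{]+)"?', s)
        if kw == "key" and m:
            declared.add(m.group(1))
    controls = [s for kw, s in stmts if kw == "controls"]
    if not controls:
        findings.append("controls: none defined; named falls back to 127.0.0.1#953 "
                        "and needs rndc.key in its sysconfdir (the 'file not found' error)")
    inet = re.compile(r"inet\s+(\S+)(?:\s+port\s+\d+)?\s+allow\s*\{([^}]*)\}"
                      r"(?:\s+keys\s*\{([^}]*)\})?")
    for c in controls:
        for addr, allow, keys in inet.findall(c):
            if addr not in LOOPBACK:
                findings.append("controls: channel bound to %s, not loopback" % addr)
            hosts = {h.strip() for h in allow.split(";") if h.strip()}
            if not hosts <= LOOPBACK:
                findings.append("controls: allow list admits %s" % sorted(hosts - LOOPBACK))
            names = {k.strip().strip('"') for k in keys.split(";") if k.strip()}
            if not names:
                findings.append("controls: no keys clause on the inet channel")
            elif not names <= declared:
                findings.append("controls: undeclared key(s) %s" % sorted(names - declared))
    return findings


def rndc_stanza(secret_b64, keyname="rndc-key"):
    """Explicit, loopback-only key + controls pair (what rndc-confgen emits)."""
    return ('key "%s" {\n        algorithm hmac-md5;\n        secret "%s";\n};\n'
            'controls {\n        inet 127.0.0.1 port 953 allow { 127.0.0.1; }'
            ' keys { "%s"; };\n};\n' % (keyname, secret_b64, keyname))


def fixed_conf(conf, secret_b64):
    """The sample with the BIND 8 directives removed and the rndc stanza added."""
    text = remove_statement(remove_statement(conf, "named-xfer"), "topology")
    return rndc_stanza(secret_b64) + text


if __name__ == "__main__":
    for f in lint(SAMPLE_CONF):
        print("before:", f)
    secret = base64.b64encode(os.urandom(16)).decode()  # same shape as rndc-confgen's secret
    print("after:", lint(fixed_conf(SAMPLE_CONF, secret)) or "clean")
```

Run it and the "before" pass lists the two BIND 8 directives and the missing `controls`; the "after" pass is clean. The secret must be kept in a file readable only by the user named runs as, and a `controls` channel that is bound to `*` or allows `any` is reported as a finding, since rndc can reload, flush and stop the server.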

