servfail-ttl 0; option in the named.conf global section is crashing the named (BIND 9.10.6)

Nagesh Thati nagesh.thati at tcpwave.com
Mon Mar 5 06:37:29 UTC 2018


Thanks Mark.

________________________________
From: bind-users <bind-users-bounces at lists.isc.org> on behalf of Mark Andrews <marka at isc.org>
Sent: Monday, March 5, 2018 11:51:06 AM
To: Nagesh Thati
Cc: bind-users at lists.isc.org
Subject: Re: servfail-ttl 0; option in the named.conf global section is crashing the named (BIND 9.10.6)


> On 5 Mar 2018, at 4:50 pm, Nagesh Thati <tcpnagesh at gmail.com> wrote:
>
> Hello,
>
> I have added a servfail-ttl 0; parameter in the named.conf file in the global section and restarted the named, but named is not coming up and I don't see any errors printing in the named.log. When I do a named-checkconf on named.conf it is giving error as UNKNOWN OPTION servfail-ttl. The version I am using is BIND 9.10.6 stable build. Can some one help me on this.
> Thanks.
>
> To fix this bug I have added above parameter    CVE-2018-5734: A malformed request can trigger an assertion failure in badcache.c

CVE-2018-5734 does not apply to BIND 9.10.6 (which doesn’t have a servfail-ttl option).

CVE-2018-5734 applies to BIND 9.10.5-S1 to 9.10.5-S4, BIND 9.10.6-S1, 9.10.6-S2 (these versions have servfail-ttl as a option).

"named -v” will report which version of named you are running.

e.g
% named -v
BIND 9.10.6 <id:9d1ea0b7fe>
%

Parsing errors messages will be logged in the system log as named has not yet got far enough into the startup process to know to log the messages elsewhere.

Mark

> _______________________________________________
> Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
>
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users

--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742              INTERNET: marka at isc.org

_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

bind-users mailing list
bind-users at lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20180305/19e1ce2f/attachment.html>


More information about the bind-users mailing list