Re: New BIND 4 & 8 Vulnerabilities
On Wed, Nov 13, 2002 at 02:26:25PM +1100, Jason Lim wrote: > We're still on named 8.3.3-REL-NOESW (currently in stable). > > Is it much of a headache to upgrade to 9.2.x? Any particular procedure > or guide you followed that could be read somewhere? it's pretty straight-forward. nowhere near the problem it was in earlier releases of bind 9.0 and 9.1 you have to do something like "chmod -R a+rX /var/cache/bind" so that user 'bind' can read the zonefiles. you also have to enable write access in the case of secondary zonefiles and named dump files (e.g. put secondaries in a subdirectory and make only that subdir writable by user bind). dynamic updated zonefiles also have to be writable by bind. (actually, bind9 9.2.1-2.woody.1 in stable doesn't run as user 'bind', it still runs as root. only bind 9.2.x in unstable runs as bind. i discovered that when i upgraded a woody server today to woody's bind9) bind9-doc has a migration file in /usr/share/doc/bind9-doc/misc/ which explains the differences. it's stricter in enforcing RFC compliance. craig -- craig sanders <[EMAIL PROTECTED]> Fabricati Diem, PVNC. -- motto of the Ankh-Morpork City Watch
Re: New BIND 4 & 8 Vulnerabilities
Only gotcha I remember running into is for some reason when I did an uninstall bind 8.* / install bind 9.2.1 For some reason there where 2 bind scripts in /etc/init.d/ one named bind and one bind9 it messed with named running right so I killed bind script and left the /etc/init.d/bind9 As always.. make a back up of your Master Zone Files and if you run into any major problems you have your MZF files to rely on :) --- Sonny At 02:26 PM 11/13/2002 +1100, you wrote: > > I have a very straight setup but upgrading to bind 9 was done in under > > 4 seconds. (approx 50 domains). no troubles so far. > > yep, bind 9.2.x seems a lot better than 9.0 or 9.1. > > it seems to use more memory than bind8. > > > > i'm doing a trial upgrade (on another server by copying over zone files) > right now. > > a few little gotchas (e.g. ownership/perms of zonefiles) , but easily > fixed. > > i'll probably be ready to upgrade my main dns server in an hour or so. > > the main thing i'm worried about is that bind9 had enormous memory leaks > when i tried 9.0 several months ago. i hope they're fixed now. > We're still on named 8.3.3-REL-NOESW (currently in stable). Is it much of a headache to upgrade to 9.2.x? Any particular procedure or guide you followed that could be read somewhere? TIA.
RE: New BIND 4 & 8 Vulnerabilities
If you already have the bind-9.2.x source, read the file "doc/misc/migration". Regards, -- Thiago Lucas NOC - Matrix Internet S/A > -Original Message- > From: Jason Lim [mailto:[EMAIL PROTECTED] > Sent: Wednesday, November 13, 2002 1:26 AM > To: Craig Sanders; gravity > Cc: debian-isp@lists.debian.org > Subject: Re: New BIND 4 & 8 Vulnerabilities > > > > > I have a very straight setup but upgrading to bind 9 was done in > > > under 4 seconds. (approx 50 domains). no troubles so far. > > > > yep, bind 9.2.x seems a lot better than 9.0 or 9.1. > > > > it seems to use more memory than bind8. > > > > > > > > i'm doing a trial upgrade (on another server by copying over zone > > files) right now. > > > > a few little gotchas (e.g. ownership/perms of zonefiles) , > but easily > > fixed. > > > > i'll probably be ready to upgrade my main dns server in an > hour or so. > > > > the main thing i'm worried about is that bind9 had enormous memory > > leaks when i tried 9.0 several months ago. i hope they're > fixed now. > > > > We're still on named 8.3.3-REL-NOESW (currently in stable). > > Is it much of a headache to upgrade to 9.2.x? Any particular > procedure or guide you followed that could be read somewhere? > > TIA. > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact > [EMAIL PROTECTED] > > >
Re: New BIND 4 & 8 Vulnerabilities
> > I have a very straight setup but upgrading to bind 9 was done in under > > 4 seconds. (approx 50 domains). no troubles so far. > > yep, bind 9.2.x seems a lot better than 9.0 or 9.1. > > it seems to use more memory than bind8. > > > > i'm doing a trial upgrade (on another server by copying over zone files) > right now. > > a few little gotchas (e.g. ownership/perms of zonefiles) , but easily > fixed. > > i'll probably be ready to upgrade my main dns server in an hour or so. > > the main thing i'm worried about is that bind9 had enormous memory leaks > when i tried 9.0 several months ago. i hope they're fixed now. > We're still on named 8.3.3-REL-NOESW (currently in stable). Is it much of a headache to upgrade to 9.2.x? Any particular procedure or guide you followed that could be read somewhere? TIA.
Re: New BIND 4 & 8 Vulnerabilities
On Wed, Nov 13, 2002 at 02:26:25PM +1100, Jason Lim wrote: > We're still on named 8.3.3-REL-NOESW (currently in stable). > > Is it much of a headache to upgrade to 9.2.x? Any particular procedure > or guide you followed that could be read somewhere? it's pretty straight-forward. nowhere near the problem it was in earlier releases of bind 9.0 and 9.1 you have to do something like "chmod -R a+rX /var/cache/bind" so that user 'bind' can read the zonefiles. you also have to enable write access in the case of secondary zonefiles and named dump files (e.g. put secondaries in a subdirectory and make only that subdir writable by user bind). dynamic updated zonefiles also have to be writable by bind. (actually, bind9 9.2.1-2.woody.1 in stable doesn't run as user 'bind', it still runs as root. only bind 9.2.x in unstable runs as bind. i discovered that when i upgraded a woody server today to woody's bind9) bind9-doc has a migration file in /usr/share/doc/bind9-doc/misc/ which explains the differences. it's stricter in enforcing RFC compliance. craig -- craig sanders <[EMAIL PROTECTED]> Fabricati Diem, PVNC. -- motto of the Ankh-Morpork City Watch -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: New BIND 4 & 8 Vulnerabilities
On Wed, Nov 13, 2002 at 02:35:44AM +0100, gravity wrote: > I have a very straight setup but upgrading to bind 9 was done in under > 4 seconds. (approx 50 domains). no troubles so far. yep, bind 9.2.x seems a lot better than 9.0 or 9.1. it seems to use more memory than bind8. i'm doing a trial upgrade (on another server by copying over zone files) right now. a few little gotchas (e.g. ownership/perms of zonefiles) , but easily fixed. i'll probably be ready to upgrade my main dns server in an hour or so. the main thing i'm worried about is that bind9 had enormous memory leaks when i tried 9.0 several months ago. i hope they're fixed now. craig -- craig sanders <[EMAIL PROTECTED]> Fabricati Diem, PVNC. -- motto of the Ankh-Morpork City Watch
Re: New BIND 4 & 8 Vulnerabilities
On Wed, Nov 13, 2002 at 11:04:01AM +1100, Craig Sanders wrote: > On Tue, Nov 12, 2002 at 12:53:51PM -0600, Sonny Kupka wrote: > > Why not use Bind 9.2.1.. > > > > It's in woody.. When I came over from Slackware to Debian I installed > > it and haven't looked back.. > > > > The file format was the same from 8.3.* to 9.2.1 I didn't have to do > > anything.. > > is this fully backwards-compatible? > > last time i looked at bind9, the zonefile format had some slight > incompatibilities - no problem if you only have a few zonefiles that > need editing, but a major PITA if you have hundreds. > > if there are zonefile incompatibilities, is there a script > to assist in converting zonefiles? > > craig sanders <[EMAIL PROTECTED]> I have a very straight setup but upgrading to bind 9 was done in under 4 seconds. (approx 50 domains). no troubles so far. -- tinus
Re: New BIND 4 & 8 Vulnerabilities
Only gotcha I remember running into is for some reason when I did an uninstall bind 8.* / install bind 9.2.1 For some reason there where 2 bind scripts in /etc/init.d/ one named bind and one bind9 it messed with named running right so I killed bind script and left the /etc/init.d/bind9 As always.. make a back up of your Master Zone Files and if you run into any major problems you have your MZF files to rely on :) --- Sonny At 02:26 PM 11/13/2002 +1100, you wrote: > > I have a very straight setup but upgrading to bind 9 was done in under > > 4 seconds. (approx 50 domains). no troubles so far. > > yep, bind 9.2.x seems a lot better than 9.0 or 9.1. > > it seems to use more memory than bind8. > > > > i'm doing a trial upgrade (on another server by copying over zone files) > right now. > > a few little gotchas (e.g. ownership/perms of zonefiles) , but easily > fixed. > > i'll probably be ready to upgrade my main dns server in an hour or so. > > the main thing i'm worried about is that bind9 had enormous memory leaks > when i tried 9.0 several months ago. i hope they're fixed now. > We're still on named 8.3.3-REL-NOESW (currently in stable). Is it much of a headache to upgrade to 9.2.x? Any particular procedure or guide you followed that could be read somewhere? TIA. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
RE: New BIND 4 & 8 Vulnerabilities
If you already have the bind-9.2.x source, read the file "doc/misc/migration". Regards, -- Thiago Lucas NOC - Matrix Internet S/A > -Original Message- > From: Jason Lim [mailto:maillist@;jasonlim.com] > Sent: Wednesday, November 13, 2002 1:26 AM > To: Craig Sanders; gravity > Cc: [EMAIL PROTECTED] > Subject: Re: New BIND 4 & 8 Vulnerabilities > > > > > I have a very straight setup but upgrading to bind 9 was done in > > > under 4 seconds. (approx 50 domains). no troubles so far. > > > > yep, bind 9.2.x seems a lot better than 9.0 or 9.1. > > > > it seems to use more memory than bind8. > > > > > > > > i'm doing a trial upgrade (on another server by copying over zone > > files) right now. > > > > a few little gotchas (e.g. ownership/perms of zonefiles) , > but easily > > fixed. > > > > i'll probably be ready to upgrade my main dns server in an > hour or so. > > > > the main thing i'm worried about is that bind9 had enormous memory > > leaks when i tried 9.0 several months ago. i hope they're > fixed now. > > > > We're still on named 8.3.3-REL-NOESW (currently in stable). > > Is it much of a headache to upgrade to 9.2.x? Any particular > procedure or guide you followed that could be read somewhere? > > TIA. > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact > [EMAIL PROTECTED] > > > -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: New BIND 4 & 8 Vulnerabilities
> > I have a very straight setup but upgrading to bind 9 was done in under > > 4 seconds. (approx 50 domains). no troubles so far. > > yep, bind 9.2.x seems a lot better than 9.0 or 9.1. > > it seems to use more memory than bind8. > > > > i'm doing a trial upgrade (on another server by copying over zone files) > right now. > > a few little gotchas (e.g. ownership/perms of zonefiles) , but easily > fixed. > > i'll probably be ready to upgrade my main dns server in an hour or so. > > the main thing i'm worried about is that bind9 had enormous memory leaks > when i tried 9.0 several months ago. i hope they're fixed now. > We're still on named 8.3.3-REL-NOESW (currently in stable). Is it much of a headache to upgrade to 9.2.x? Any particular procedure or guide you followed that could be read somewhere? TIA. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: New BIND 4 & 8 Vulnerabilities
On Tue, Nov 12, 2002 at 12:53:51PM -0600, Sonny Kupka wrote: > Why not use Bind 9.2.1.. > > It's in woody.. When I came over from Slackware to Debian I installed > it and haven't looked back.. > > The file format was the same from 8.3.* to 9.2.1 I didn't have to do > anything.. is this fully backwards-compatible? last time i looked at bind9, the zonefile format had some slight incompatibilities - no problem if you only have a few zonefiles that need editing, but a major PITA if you have hundreds. if there are zonefile incompatibilities, is there a script to assist in converting zonefiles? craig -- craig sanders <[EMAIL PROTECTED]> Fabricati Diem, PVNC. -- motto of the Ankh-Morpork City Watch
RE: incoming request proxying
There's also another package called squidGuard which does it well. The only issue with it is that it doesn't support webdav very well, (ie, Outlook Web Access 2000) I do have a perl script for doing reverse proxying with support for webdav, message me off list if you would like a copy of it. Daniel Hooper Systems Administrator Emerge Technologies Pty Ltd -Original Message- From: Mark Janssen [mailto:[EMAIL PROTECTED] Sent: Tuesday, 12 November 2002 8:24 PM To: Paul Johnson Cc: debian-isp List Subject: Re: incoming request proxying On Tue, 2002-11-12 at 12:09, Paul Johnson wrote: > Is there a way to make either Apache or Squid (preferrably Squid, but > I can go either way here) proxy requests from the outside world to > machines that are inside a network inaccessable to the outside world? > > Like, say, requests to /whatever go to host/whatever, where host is > unreachable outside. This is called reverse-proxying, and is possible with the apache-proxying module. You should be able to find all documentation on the apache website (http://httpd.apache.org/docs) I've had this working a long time ago on some company servers, but I can't access those at the moment to copy/paste the correct rules to you. -- Mark Janssen -- maniac(at)maniac.nl -- GnuPG Key Id: 357D2178 Unix / Linux, Open-Source and Internet Consultant @ SyConOS IT Maniac.nl Unix-God.Net|Org MarkJanssen.org|nl SyConOS.com|nl -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: New BIND 4 & 8 Vulnerabilities
On Wed, Nov 13, 2002 at 02:35:44AM +0100, gravity wrote: > I have a very straight setup but upgrading to bind 9 was done in under > 4 seconds. (approx 50 domains). no troubles so far. yep, bind 9.2.x seems a lot better than 9.0 or 9.1. it seems to use more memory than bind8. i'm doing a trial upgrade (on another server by copying over zone files) right now. a few little gotchas (e.g. ownership/perms of zonefiles) , but easily fixed. i'll probably be ready to upgrade my main dns server in an hour or so. the main thing i'm worried about is that bind9 had enormous memory leaks when i tried 9.0 several months ago. i hope they're fixed now. craig -- craig sanders <[EMAIL PROTECTED]> Fabricati Diem, PVNC. -- motto of the Ankh-Morpork City Watch -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: New BIND 4 & 8 Vulnerabilities
On Wed, Nov 13, 2002 at 11:04:01AM +1100, Craig Sanders wrote: > On Tue, Nov 12, 2002 at 12:53:51PM -0600, Sonny Kupka wrote: > > Why not use Bind 9.2.1.. > > > > It's in woody.. When I came over from Slackware to Debian I installed > > it and haven't looked back.. > > > > The file format was the same from 8.3.* to 9.2.1 I didn't have to do > > anything.. > > is this fully backwards-compatible? > > last time i looked at bind9, the zonefile format had some slight > incompatibilities - no problem if you only have a few zonefiles that > need editing, but a major PITA if you have hundreds. > > if there are zonefile incompatibilities, is there a script > to assist in converting zonefiles? > > craig sanders <[EMAIL PROTECTED]> I have a very straight setup but upgrading to bind 9 was done in under 4 seconds. (approx 50 domains). no troubles so far. -- tinus -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: New BIND 4 & 8 Vulnerabilities
On Tue, Nov 12, 2002 at 12:53:51PM -0600, Sonny Kupka wrote: > Why not use Bind 9.2.1.. > > It's in woody.. When I came over from Slackware to Debian I installed > it and haven't looked back.. > > The file format was the same from 8.3.* to 9.2.1 I didn't have to do > anything.. is this fully backwards-compatible? last time i looked at bind9, the zonefile format had some slight incompatibilities - no problem if you only have a few zonefiles that need editing, but a major PITA if you have hundreds. if there are zonefile incompatibilities, is there a script to assist in converting zonefiles? craig -- craig sanders <[EMAIL PROTECTED]> Fabricati Diem, PVNC. -- motto of the Ankh-Morpork City Watch -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
RE: incoming request proxying
There's also another package called squidGuard which does it well. The only issue with it is that it doesn't support webdav very well, (ie, Outlook Web Access 2000) I do have a perl script for doing reverse proxying with support for webdav, message me off list if you would like a copy of it. Daniel Hooper Systems Administrator Emerge Technologies Pty Ltd -Original Message- From: Mark Janssen [mailto:maniac@;maniac.nl] Sent: Tuesday, 12 November 2002 8:24 PM To: Paul Johnson Cc: debian-isp List Subject: Re: incoming request proxying On Tue, 2002-11-12 at 12:09, Paul Johnson wrote: > Is there a way to make either Apache or Squid (preferrably Squid, but > I can go either way here) proxy requests from the outside world to > machines that are inside a network inaccessable to the outside world? > > Like, say, requests to /whatever go to host/whatever, where host is > unreachable outside. This is called reverse-proxying, and is possible with the apache-proxying module. You should be able to find all documentation on the apache website (http://httpd.apache.org/docs) I've had this working a long time ago on some company servers, but I can't access those at the moment to copy/paste the correct rules to you. -- Mark Janssen -- maniac(at)maniac.nl -- GnuPG Key Id: 357D2178 Unix / Linux, Open-Source and Internet Consultant @ SyConOS IT Maniac.nl Unix-God.Net|Org MarkJanssen.org|nl SyConOS.com|nl -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: New BIND 4 & 8 Vulnerabilities
I've taken Sonny's suggestion and upgraded to the bind9 package. Initially I thought I had a serious problem, as named was not answering any queries, however it seems to have "fixed itself". Ordinarily that would spook me, but in this situation I think I'd rather have spooky software than known-to-be-exploitable software :-) Thanks for the suggestion, Sonny. -- Jeff S Wheeler [EMAIL PROTECTED] Software DevelopmentFive Elements, Inc http://www.five-elements.com/~jsw/ On Tue, 2002-11-12 at 13:53, Sonny Kupka wrote: > Why not use Bind 9.2.1.. > > It's in woody.. When I came over from Slackware to Debian I installed it > and haven't looked back.. > > The file format was the same from 8.3.* to 9.2.1 I didn't have to do > anything.. > > --- > Sonny > > > At 01:08 PM 11/12/2002 -0500, Jeff S Wheeler wrote: > >See ISC.ORG for information on new BIND vulnerabilities. Current bind > >package in woody is 8.3.3, which is an affected version. Patches are > >not available yet, it seems. > > > >http://www.isc.org/products/BIND/bind-security.html > > > >-- > >Jeff S Wheeler [EMAIL PROTECTED] > >Software DevelopmentFive Elements, Inc > >http://www.five-elements.com/~jsw/ > > signature.asc Description: This is a digitally signed message part
Re: New BIND 4 & 8 Vulnerabilities
I've taken Sonny's suggestion and upgraded to the bind9 package. Initially I thought I had a serious problem, as named was not answering any queries, however it seems to have "fixed itself". Ordinarily that would spook me, but in this situation I think I'd rather have spooky software than known-to-be-exploitable software :-) Thanks for the suggestion, Sonny. -- Jeff S Wheeler [EMAIL PROTECTED] Software DevelopmentFive Elements, Inc http://www.five-elements.com/~jsw/ On Tue, 2002-11-12 at 13:53, Sonny Kupka wrote: > Why not use Bind 9.2.1.. > > It's in woody.. When I came over from Slackware to Debian I installed it > and haven't looked back.. > > The file format was the same from 8.3.* to 9.2.1 I didn't have to do anything.. > > --- > Sonny > > > At 01:08 PM 11/12/2002 -0500, Jeff S Wheeler wrote: > >See ISC.ORG for information on new BIND vulnerabilities. Current bind > >package in woody is 8.3.3, which is an affected version. Patches are > >not available yet, it seems. > > > >http://www.isc.org/products/BIND/bind-security.html > > > >-- > >Jeff S Wheeler [EMAIL PROTECTED] > >Software DevelopmentFive Elements, Inc > >http://www.five-elements.com/~jsw/ > > signature.asc Description: This is a digitally signed message part
Re: New BIND 4 & 8 Vulnerabilities
bind9 is also supporting ACL and other new features. so it is a good idea to use bind9.x.x instead of bind8.x.x // Tobias 'rippe' Kuhrmann -- BITKRAFT, IT SOLUTIONS Tobias Kuhrmann, Technical Director Immanuel-Kant. Str. 15 51427 Bergisch Gladbach http://www.bitkraft.de -Ursprüngliche Nachricht- Von: Sonny Kupka [mailto:[EMAIL PROTECTED] Gesendet: Dienstag, 12. November 2002 19:54 An: Jeff S Wheeler; debian-isp@lists.debian.org Betreff: Re: New BIND 4 & 8 Vulnerabilities Why not use Bind 9.2.1.. It's in woody.. When I came over from Slackware to Debian I installed it and haven't looked back.. The file format was the same from 8.3.* to 9.2.1 I didn't have to do anything.. --- Sonny At 01:08 PM 11/12/2002 -0500, Jeff S Wheeler wrote: >See ISC.ORG for information on new BIND vulnerabilities. Current bind >package in woody is 8.3.3, which is an affected version. Patches are >not available yet, it seems. > >http://www.isc.org/products/BIND/bind-security.html > >-- >Jeff S Wheeler [EMAIL PROTECTED] >Software DevelopmentFive Elements, Inc >http://www.five-elements.com/~jsw/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: New BIND 4 & 8 Vulnerabilities
Why not use Bind 9.2.1.. It's in woody.. When I came over from Slackware to Debian I installed it and haven't looked back.. The file format was the same from 8.3.* to 9.2.1 I didn't have to do anything.. --- Sonny At 01:08 PM 11/12/2002 -0500, Jeff S Wheeler wrote: See ISC.ORG for information on new BIND vulnerabilities. Current bind package in woody is 8.3.3, which is an affected version. Patches are not available yet, it seems. http://www.isc.org/products/BIND/bind-security.html -- Jeff S Wheeler [EMAIL PROTECTED] Software DevelopmentFive Elements, Inc http://www.five-elements.com/~jsw/
New BIND 4 & 8 Vulnerabilities
See ISC.ORG for information on new BIND vulnerabilities. Current bind package in woody is 8.3.3, which is an affected version. Patches are not available yet, it seems. http://www.isc.org/products/BIND/bind-security.html -- Jeff S Wheeler [EMAIL PROTECTED] Software DevelopmentFive Elements, Inc http://www.five-elements.com/~jsw/ signature.asc Description: This is a digitally signed message part
Re: New BIND 4 & 8 Vulnerabilities
bind9 is also supporting ACL and other new features. so it is a good idea to use bind9.x.x instead of bind8.x.x // Tobias 'rippe' Kuhrmann -- BITKRAFT, IT SOLUTIONS Tobias Kuhrmann, Technical Director Immanuel-Kant. Str. 15 51427 Bergisch Gladbach http://www.bitkraft.de -Ursprüngliche Nachricht- Von: Sonny Kupka [mailto:sonny@;nothnbut.net] Gesendet: Dienstag, 12. November 2002 19:54 An: Jeff S Wheeler; [EMAIL PROTECTED] Betreff: Re: New BIND 4 & 8 Vulnerabilities Why not use Bind 9.2.1.. It's in woody.. When I came over from Slackware to Debian I installed it and haven't looked back.. The file format was the same from 8.3.* to 9.2.1 I didn't have to do anything.. --- Sonny At 01:08 PM 11/12/2002 -0500, Jeff S Wheeler wrote: >See ISC.ORG for information on new BIND vulnerabilities. Current bind >package in woody is 8.3.3, which is an affected version. Patches are >not available yet, it seems. > >http://www.isc.org/products/BIND/bind-security.html > >-- >Jeff S Wheeler [EMAIL PROTECTED] >Software DevelopmentFive Elements, Inc >http://www.five-elements.com/~jsw/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: New BIND 4 & 8 Vulnerabilities
Why not use Bind 9.2.1.. It's in woody.. When I came over from Slackware to Debian I installed it and haven't looked back.. The file format was the same from 8.3.* to 9.2.1 I didn't have to do anything.. --- Sonny At 01:08 PM 11/12/2002 -0500, Jeff S Wheeler wrote: See ISC.ORG for information on new BIND vulnerabilities. Current bind package in woody is 8.3.3, which is an affected version. Patches are not available yet, it seems. http://www.isc.org/products/BIND/bind-security.html -- Jeff S Wheeler [EMAIL PROTECTED] Software DevelopmentFive Elements, Inc http://www.five-elements.com/~jsw/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
New BIND 4 & 8 Vulnerabilities
See ISC.ORG for information on new BIND vulnerabilities. Current bind package in woody is 8.3.3, which is an affected version. Patches are not available yet, it seems. http://www.isc.org/products/BIND/bind-security.html -- Jeff S Wheeler [EMAIL PROTECTED] Software DevelopmentFive Elements, Inc http://www.five-elements.com/~jsw/ signature.asc Description: This is a digitally signed message part
Re: incoming request proxying
On Tue, 2002-11-12 at 12:09, Paul Johnson wrote: > Is there a way to make either Apache or Squid (preferrably Squid, but > I can go either way here) proxy requests from the outside world to > machines that are inside a network inaccessable to the outside world? > > Like, say, requests to /whatever go to host/whatever, where host is > unreachable outside. This is called reverse-proxying, and is possible with the apache-proxying module. You should be able to find all documentation on the apache website (http://httpd.apache.org/docs) I've had this working a long time ago on some company servers, but I can't access those at the moment to copy/paste the correct rules to you. -- Mark Janssen -- maniac(at)maniac.nl -- GnuPG Key Id: 357D2178 Unix / Linux, Open-Source and Internet Consultant @ SyConOS IT Maniac.nl Unix-God.Net|Org MarkJanssen.org|nl SyConOS.com|nl
Müzik ve aradýklarýnýz sgvj
Mp3sa yine bir ilki gerçekleþtiriyor: Klip arþivi! Full albüm ve single parçalar mp3 halinde! Arayýpta bulamadýðýnýz bütün parçalar için birde sitemize bakýn: http://www.mp3sa.com Full Turkçe Album Full Yabancý Album A-Z Yerli Mp3 A-Z Yabancý Mp3 En Iyý 20 Yerli Výdeo Klýp Yabancý Výdeo Klýp Yerli ve Yab. Arsýv Hepsine birden ulaþabileceðiz tek bir adres var http://www.mp3sa.com
incoming request proxying
Is there a way to make either Apache or Squid (preferrably Squid, but I can go either way here) proxy requests from the outside world to machines that are inside a network inaccessable to the outside world? Like, say, requests to /whatever go to host/whatever, where host is unreachable outside. -- .''`. Baloo Ursidae <[EMAIL PROTECTED]> : :' :proud Debian admin and user `. `'` `- Debian - when you have better things to do than to fix a system pgpOlQwotwYgL.pgp Description: PGP signature
Re: incoming request proxying
On Tue, 2002-11-12 at 12:09, Paul Johnson wrote: > Is there a way to make either Apache or Squid (preferrably Squid, but > I can go either way here) proxy requests from the outside world to > machines that are inside a network inaccessable to the outside world? > > Like, say, requests to /whatever go to host/whatever, where host is > unreachable outside. This is called reverse-proxying, and is possible with the apache-proxying module. You should be able to find all documentation on the apache website (http://httpd.apache.org/docs) I've had this working a long time ago on some company servers, but I can't access those at the moment to copy/paste the correct rules to you. -- Mark Janssen -- maniac(at)maniac.nl -- GnuPG Key Id: 357D2178 Unix / Linux, Open-Source and Internet Consultant @ SyConOS IT Maniac.nl Unix-God.Net|Org MarkJanssen.org|nl SyConOS.com|nl -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Müzik ve aradýklarýnýz sgvj
Mp3sa yine bir ilki gerçekleþtiriyor: Klip arþivi! Full albüm ve single parçalar mp3 halinde! Arayýpta bulamadýðýnýz bütün parçalar için birde sitemize bakýn: http://www.mp3sa.com Full Turkçe Album Full Yabancý Album A-Z Yerli Mp3 A-Z Yabancý Mp3 En Iyý 20 Yerli Výdeo Klýp Yabancý Výdeo Klýp Yerli ve Yab. Arsýv Hepsine birden ulaþabileceðiz tek bir adres var http://www.mp3sa.com èPÔ ¨¥¶^n&§Êkz«²Ùb²Ûy¸àÂ+ajËç-¡û§²æìr¸y:è¹¹^ íiËeËfjË^®X¬¶Ç^n&§¢¸
incoming request proxying
Is there a way to make either Apache or Squid (preferrably Squid, but I can go either way here) proxy requests from the outside world to machines that are inside a network inaccessable to the outside world? Like, say, requests to /whatever go to host/whatever, where host is unreachable outside. -- .''`. Baloo Ursidae <[EMAIL PROTECTED]> : :' :proud Debian admin and user `. `'` `- Debian - when you have better things to do than to fix a system msg07145/pgp0.pgp Description: PGP signature