Re: [users] djbdns thread on vulnerability

2008-07-30 Thread Jason 'XenoPhage' Frisvold
On Wed, 30 Jul 2008 07:57:49 -0700, Bill Shupp [EMAIL PROTECTED] wrote:
> In case anyone hasn't seen this thread:
>
> http://marc.info/?l=djbdns&m=121561642400807&w=2

Here's a quick summary:

In short, tinydns is not vulnerable as it is not a cache.  dnscache, thus
far, is not vulnerable.  However, the fix for vulnerable DNS caches is
merely to add more randomness and possible combinations to guess.  It is
*NOT* a complete fix, but merely a temporary shim.  Currently, an unpatched
cache is vulnerable in approximately 10 seconds.  With this fix in place,
it can take up to 8 days of continuous attempts.  The thought is that the
operator of the cache should notice the activity with enough time to
respond.

DNSSEC is being touted as the true fix for this.  If you're a djb user,
he has stated that DNSSEC is basically broken at the moment and possibly
not worth the effort.  I haven't done enough research either way to make a
decision.

The details of the exploit have basically been made public at this point,
and confirmed by Dan Kaminsky, the one who found the vulnerability.  I have
a writeup about it in my blog[1] if you're interested.  There may be
additional details during blackhat on August 7th, though.

In short, I have to agree with Dan, Paul, and the rest of the people
raising the alarm.  This is fairly serious, and if you are using a
vulnerable cache, please get the patch installed.  If you have a cache
behind a firewall or NAT that does not randomize ports, you are also
vulnerable (EVEN IF YOU PATCH!), so be aware and look into getting that
fixed as well.

> Regards,
>
> Bill

[1] http://blog.godshell.com/blog/index.php?/archives/157-Steal-the-Nets-Identity.html

-- 
Jason 'XenoPhage' Frisvold
[EMAIL PROTECTED]
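
The caveat in the message above, that a patched cache behind a firewall or NAT that does not randomize ports is still exposed, can be checked by looking at the source ports an outside authoritative server sees for the cache's queries. The following is an added example, not part of the original post; the function name, the thresholds and the sample port lists are assumptions constructed for illustration.

```python
import statistics

# Assumed thresholds for this example, not taken from any tool or standard.
SEQ_STEP = 16        # a step this small between two queries counts as sequential
SEQ_FRACTION = 0.8   # share of small steps that marks the whole run sequential
MIN_STDEV = 3000.0   # below this the ports come from a narrow pool


def classify_source_ports(ports, min_samples=10):
    """Rate the UDP source ports of successive queries from one resolver,
    as recorded by an authoritative server on the far side of the NAT."""
    if len(ports) < min_samples:
        raise ValueError("need at least %d observations" % min_samples)
    if any(not 0 < p < 65536 for p in ports):
        raise ValueError("port out of range")
    # Step between consecutive queries, modulo the 16-bit port space, so a
    # decreasing step is not mistaken for a small increasing one.
    deltas = [(b - a) % 65536 for a, b in zip(ports, ports[1:])]
    small = sum(1 for d in deltas if 0 < d <= SEQ_STEP)
    stdev = statistics.pstdev(ports)
    if len(set(ports)) == 1:
        verdict = "fixed"        # every query leaves from the same port
    elif small >= SEQ_FRACTION * len(deltas):
        verdict = "sequential"   # the next port is predictable
    elif stdev < MIN_STDEV:
        verdict = "narrow"       # varied, but drawn from a small pool
    else:
        verdict = "spread"
    return {"verdict": verdict, "distinct": len(set(ports)),
            "span": max(ports) - min(ports), "stdev": round(stdev, 1)}


# Constructed observations (not real captures).
SAMPLES = {
    "single port": [32768] * 12,
    "incrementing NAT": list(range(1024, 1036)),
    "small NAT pool": [40010, 40150, 40033, 40190, 40075, 40120,
                       40005, 40160, 40099, 40042, 40181, 40066],
    "ports preserved": [49152, 1025, 33001, 60211, 12877, 27450,
                        55003, 8192, 41234, 19999, 63000, 4501],
}

if __name__ == "__main__":
    for name, ports in SAMPLES.items():
        print(name, classify_source_ports(ports))
```

Any verdict other than "spread" on the ports seen outside the NAT means the device is undoing the randomization the patched cache applies.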



Re: [users] SOA Serial Numbers

2007-05-22 Thread Jason 'XenoPhage' Frisvold
Bill Shupp wrote:
> I chose to use tinydns default serial numbers.  I believe the 1.1.5
> series has custom serial support.  But I haven't looked at it in a while.

Is 1.1.6 considered production quality?

> Regards,
>
> Bill Shupp


--
---
Jason 'XenoPhage' Frisvold
Engine / Technology Programmer
[EMAIL PROTECTED]
RedHat Certified - RHCE # 803004140609871
MySQL Pro Certified - ID# 207171862
MySQL Core Certified - ID# 205982910
---
Something mysterious is formed, born in the silent void. Waiting alone
and unmoving, it is at once still and yet in constant motion. It is the
source of all programs. I do not know its name, so I will call it the
Tao of Programming.


Re: [users] VegaDNS SOA editing problem

2005-05-13 Thread Jason 'XenoPhage' Frisvold
Bob Hutchinson wrote:

> you have set E_NOTICE on so it's now displaying notices
> The function parse_soa needs to be cleaned up to cope with undefined indexes.
> It has not been fixed in later versions, so perhaps this has not appeared
> before because something else is not set right, default soa record OK?

Doh..  It's the E_NOTICE bit...  When I upgraded to RHES 4.0, it moved
my php.ini out of the way and put a default one in place...  A quick
modification fixed this..

Thanks for the tip..  PHP is not something I configure or program in on
a regular basis...

> HTH


Thanks!




Re: [users] Troubles with the Vaga dns

2005-05-13 Thread Jason 'XenoPhage' Frisvold
Jeremy Kitchen wrote:

> perhaps mysql isn't running, or you don't have php configured with the correct
> mysql socket for your system.

I wonder if it's looking for /tmp/mysql.sock    ?

> -Jeremy






[users] VegaDNS SOA editing problem

2005-05-12 Thread Jason 'XenoPhage' Frisvold
Hi all,

I tried to edit an SOA record and I'm getting the following error :

Notice: Undefined index: ttl in
/usr2/webroot/sarah.emcyber.com/html/vegadns-0.9.9/src/functions.php on
line 302

Warning: Cannot modify header information - headers already sent by
(output started at
/usr2/webroot/sarah.emcyber.com/html/vegadns-0.9.9/src/functions.php:302)
in /usr2/webroot/sarah.emcyber.com/html/vegadns-0.9.9/src/records.php on
line 444


I haven't tried editing an SOA record in a while, so I'm not sure at
what point I lost this functionality...  I'm currently running version 0.9.9

Any ideas?

Thanks!




Re: [users] Error: you do not appear to be logged in.

2005-02-21 Thread Jason 'XenoPhage' Frisvold
Allen Parker wrote:
> already cleared the active_sessions table, can login via commandline
> as mysql... when i have a moment, i'm going to kill php and rebuild it
> from scratch again.

Before you go to that extreme..  What version of MySQL are you using?


Re: [users] Error: you do not appear to be logged in.

2005-02-21 Thread Jason 'XenoPhage' Frisvold
Allen Parker wrote:
> 4.1.8 (have been even when it worked with 0.9.7)
> also, haven't changed any mysql settings, and it's funny that the only
> problem is that it's telling me that i'm not logged in when i log
> in... after populating a new domain by hand (mysql query browser  ssh
> tunnel = joy) the update-data.sh worked flawlessly.

Damn..  I was gonna suggest that the new password hashing in 4.1.x was 
causing the problem, but since you were running 0.9.7 with it, then I 
can't really suggest that anymore..  :(

Hmm... update_data.sh would work as it doesn't require a login ...  It's 
only getting the data from the mysql database and reporting it back ...  
I can't help but think that this may still be a mysql password problem ...



Re: [users] VegaDNS 0.9.9 Released

2005-02-12 Thread Jason 'XenoPhage' Frisvold
Bob Hutchinson wrote:
> On Saturday 05 Feb 2005 00:21, Bill Shupp wrote:
>> All,
>> I have posted VegaDNS 0.9.9 today.  Major features include:
>> - Bug fixes for wild card support, default records, sanity checks, and
>>   authenticate_user()
>> - Smarty update (READ UPGRADE!)
>> As stated above, please read UPGRADE if you are upgrading.  Unless there
>> are any other bugs found, I'll be renaming this 1.0 next week.
>
> 0.9.9 looks OK to me.

Agreed..  I haven't had any problems since installing it..  :)


Re: [users] Hook request

2005-01-22 Thread Jason 'XenoPhage' Frisvold
Ron Guerin wrote:
> Oh well, I tried. ;)
> If I'm the only one who cares, then I'm sure you're right.   And it's a
> small enough change that it's not a big deal for me to do it when
> there's a new version.  I just try to make all patching a last resort.

You could always submit a patch and ask Bill to include it in the distro 
:)  Bill's a nice guy, he does stuff like that once in a while.. *grin*

> - Ron




Re: [users] Update-data

2004-10-21 Thread Jason 'XenoPhage' Frisvold
Chris Odell wrote:
> For some reason when I run update-data.sh from the command line, it works
> without a hitch. If it runs from cron it never works. Any ideas?

This sounds like a path problem ...  Any idea what the specific error 
is?  Are you sure that everything in the update-data.sh script has a 
full path listed?

> Chris Odell
> Sorter - Email Room
> p/f. 702.646.2830
> t.f. 800.646.2830
> m. 702.525.7525
> e. [EMAIL PROTECTED]
> w. http://www.rsnnv.com



Re: [users] new screen shots

2004-10-15 Thread Jason 'XenoPhage' Frisvold
Bill Shupp wrote:
> Does anyone have time/interest to create new screen shots for the
> website?  I've been meaning to do so, but just don't have time, and
> the current ones are a bit old.
>
> Thanks,
> Bill

What kind of screenshots are you looking for?   Everything?  I'll stop 
and take a few for ya :)



Re: [users] Feature: TXT-Type in default records for SPF

2004-09-23 Thread Jason 'XenoPhage' Frisvold
Georg Gell wrote:
> True, but that does not concern me. I am a small ISP, and my clients
> just need normal mail addresses. I don't sell sub domains, so nobody
> is going to send an email from a sub domain. And usually people feel
> the shorter an email address is the better.
> And having
> v=spf1 a mx -all
> makes imo sense in any case as a reasonable default for any domain. If
> it is not what one needs in certain special cases it can always be
> changed later ;)

Agreed..  :)  I'm on the SPF list and I see a lot of stuff come across 
there regarding issues with subdomains..  Figured I'd try to help out in 
advance, but apparently you already have a clue..  :)

I just put 0.9b1 on my servers here...  Looks pretty nice..  The ability 
to jump directly to a domain by letter is pretty cool..  :P



Re: [users] update-data.sh not functioning correctly...

2004-09-22 Thread Jason 'XenoPhage' Frisvold
Bob Hutchinson wrote:
> It does not matter, any existing data file is moved/removed by the update
> script and the new one installed. There is no connection between VegaDNS and
> TinyDNS except for the data file.

I think that's what confuses new users...  you need to axfr your 
existing data into vegadns *before* starting to use the update script...

> They don't have to be on the same machine, you can have several VegaDNS
> instances and merge them into one data file, that's already built in to the
> update script. You can test if your data is delivering what you want without
> TinyDNS running, just cd into the root dir and run
> tinydns-get any example.com

This is what makes VegaDNS so unbelievably attractive to me...  I set up 
a secondary nameserver in about 2 minutes and it auto-populated itself 
because VegaDNS uses a single database..  It's great!



Re: [users] AXFR

2004-07-23 Thread Jason 'XenoPhage' Frisvold
[EMAIL PROTECTED] wrote:
> but if i have secondary DNS server, i haven't two databases :D on secondary
> server it's written Primary nameserver (first server).

Heh, good point..  :)  We used it when we converted our old nameservers 
to djb ...  Since we wanted to keep the original NS addresses, this 
wasn't an issue...



[users] Successful 0.8.1 upgrade

2004-06-22 Thread Jason 'XenoPhage' Frisvold
Hi all,

I've successfully upgraded to 0.8.1 from 0.7.0 ...  Worked out
flawlessly..  :)

I have a question regarding the creation of new records.  Which records
need to end in a . ??  It looks like NS, CNAME, and PTR records require
this..  Would it be possible to put in some sort of check to ensure that
there is a trailing . ??

Also, the ability to sort by the different fields would be nice...

Thanks!


