Re: bind dies with assertion failure

2012-07-02 Thread Evan Hunt
On Mon, Jul 02, 2012 at 07:16:40PM -0500, Oscar Ricardo Silva wrote: > I *THINK* I found the reason for why we're exposed to this bug ... It > would appear that Redhat based their BIND package on 9.8.2rc1. Guess > where the patch for this bug was applied? 9.8.2rc2. Sigh. It wouldn't be the fi

Re: bind dies with assertion failure

2012-07-02 Thread Oscar Ricardo Silva
I *THINK* I found the reason for why we're exposed to this bug ... It would appear that Redhat based their BIND package on 9.8.2rc1. Guess where the patch for this bug was applied? 9.8.2rc2. Oscar On 07/02/2012 05:47 PM, Evan Hunt wrote: I can't answer for RedHat, but this bug fix was in

Re: bind dies with assertion failure

2012-07-02 Thread Evan Hunt
I can't answer for RedHat, but this bug fix was included in BIND 9.8.2. 3284. [bug] Address race conditions with the handling of rbtnode.deadlink. [RT #27738] On Mon, Jul 02, 2012 at 05:40:51PM -0500, Oscar Ricardo Silva wrote: > I may have missed something but

Re: bind dies with assertion failure

2012-07-02 Thread Oscar Ricardo Silva
I may have missed something but has this been patched in a 9.8.x version of BIND? According to the 9.9.0 release notes this has been addressed but just wondering about the availability for other vulnerable versions. Also, is there a known trigger? The reason I'm running is that we're current

Re: Using proxy DNS servers for bind as an alternative to slave servers.

2012-07-02 Thread Kevin Darcy
On 7/1/2012 2:42 PM, J P wrote: Hello all! I understand RFC compliant DNS servers use AXFR and IXFR for synching bewteen masters and slaves... and that this is the general scenario for that purpose. However, I need somebody to technically explain to me why cant I use a DNS resolver daemon s

RE: BIND, DNSSEC & AD

2012-07-02 Thread Tony Finch
Marc Lampo wrote: > > you are aware that Windows DNS service understands DNSSEC algorithm 5 > (RSA/SHA-1 – NSEC) at most ? Carsten Strotmann's post says Windows Server 2012 fixes this limitation http://strotmann.de/roller/dnsworkshop/entry/dnssec_validation_in_microsoft_dns Tony. -- f.anthony.n

Bind 9.8.1-P1 is crashing again and again

2012-07-02 Thread Gaurav Kansal
Dear Team, My BIND DNS Server is crashing again and again. I am getting these logs: Jul 2 12:03:33 gaurav named[30523]: query.c:5379: INSIST(!is_zone) failed, back trace Jul 2 12:03:33 gaurav named[30523]: #0 0x805a7a5 in assertion_failed()+0x45 Jul 2 12:03:33 gaurav named[30523

Bind 9.8.1-P1 is crashing again and again

2012-07-02 Thread Gaurav Kansal
Dear Team, My BIND DNS Server is crashing again and again. I am getting these logs: Jul 2 12:03:33 gaurav named[30523]: query.c:5379: INSIST(!is_zone) failed, back trace Jul 2 12:03:33 gaurav named[30523]: #0 0x805a7a5 in assertion_failed()+0x45 Jul 2 12:03:33 gaurav named[30523]: