On Fri, May 18, 2018 at 04:28:24PM -0400, Jim Popovitch via bind-users wrote:
> Honest question Why are there so many sourcecode
> modifications/additions/deletions between v9.12.1 and v9.12.1-P2? Some
> files should obviously change between minor versions, but ~1300 ?
Are you sure you're
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
http://www.five-ten-sg.com/mapper/bind contains links to the source
rpms, and build instructions.
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.14 (GNU/Linux)
iEYEAREKAAYFAlr/TNkACgkQL6j7milTFsHqPQCfVCKLfx5wzLjm+UkCkJx2C6f1
On 18/05/2018 21:28, Jim Popovitch via bind-users wrote:
> Honest question Why are there so many sourcecode
> modifications/additions/deletions between v9.12.1 and v9.12.1-P2? Some
> files should obviously change between minor versions, but ~1300 ?
>
> Bin9 v9.12.1-P2 changed files:
>
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Honest question Why are there so many sourcecode
modifications/additions/deletions between v9.12.1 and v9.12.1-P2? Some
files should obviously change between minor versions, but ~1300 ?
Bin9 v9.12.1-P2 changed files:
CVE: CVE-2018-5737
Document Version:2.0
Posting date:18 May 2018
Program Impacted:BIND
Versions affected: 9.12.0, 9.12.1
Severity:Medium
Exploitable: Remotely
Description:
A problem with the implementation of the new serve-stale feature
A new version of BIND is available to address two vulnerabilities
disclosed today: CVE-2018-5736 and CVE-2018-5737; see the respective
messages on this mailing list or consult the ISC Knowledge Base
https://kb.isc.org/category/74/0/10/Software-Products/BIND9/Security-Advisories/.
Only two
CVE: CVE-2018-5736
Document Version:2.0
Posting date:18 May 2018
Program Impacted:BIND
Versions affected: 9.12.0 and 9.12.1
Severity:Medium
Exploitable: Remotely, if an attacker can trigger a zone transfer
Description:
An error in zone
On 17 May 2018 at 17:05, Rob Moser wrote:
> We're running a series of RHEL 7.4 machines (kernel version
> 3.10.0-693.1.1.el7.x86_64) running bind version 9.9.4-RedHat-9.9.4-51.el7.
> Our configuration consists of a hidden master and three hidden
> slave/recursive resolvers.
Okies so zone xfer would happen on TCP/53 correct and notify would be sent
on udp/53?
On Fri, May 18, 2018, 7:31 PM Matus UHLAR - fantomas
wrote:
> >> On 17.05.18 23:00, Blason R wrote:
> >>> So here I am sending notification to 192.168.5.49 on port 4545; my
> >>> queries
>
On 05/18/2018 08:02 AM, Matus UHLAR - fantomas wrote:
why? is there any logic in this?
I can see a case where a hidden / internal master is used and only
accessible by direct slaves in a DMZ.
So the slaves in the DMZ act as a contact point for the world.
--
Grant. . . .
unix || die
>
> On 18 May 2018, at 16:16, Blason R wrote:
>
> why? is there any logic in this?
>
> yeah management does not want to allow direct syncing with master as they
> dont want to expose any info to them.
Interesting statement - especially since the slave servers will
why? is there any logic in this?
yeah management does not want to allow direct syncing with master as they
dont want to expose any info to them.
On Fri, May 18, 2018 at 7:32 PM, Matus UHLAR - fantomas
wrote:
> On 18.05.18 19:29, Blason R wrote:
>
>> I have this other query
On 18.05.18 19:29, Blason R wrote:
I have this other query on RPZ; I have one master server [lets say
masterns.test.com.] on cloud. One slave [slavens.test.com] in my
organization and our partner would also want to sync with slave but not
with master server.
why? is there any logic in this?
On 17.05.18 23:00, Blason R wrote:
So here I am sending notification to 192.168.5.49 on port 4545; my
queries
are
1. How do I configure port on slave 4545 so that slave server can start
listening on that port.
On Fri, May 18, 2018 at 3:02 PM, Matus UHLAR - fantomas
Hi Guys,
I have this other query on RPZ; I have one master server [lets say
masterns.test.com.] on cloud. One slave [slavens.test.com] in my
organization and our partner would also want to sync with slave but not
with master server.
How can one slave can sync with other slave? Can someone please
Nah that is not my query; instead I wanted updates to be sent on other
port and not TCP/53. Queries let it happen on UDP 53
On Fri, May 18, 2018 at 3:02 PM, Matus UHLAR - fantomas
wrote:
> On 17.05.18 23:00, Blason R wrote:
>
>> I have RPZ installed on server and its acting
Rob Moser wrote:
>
> Which a little digging shows me is often the result of network
> connectivity problems, firewall misconfigurations, etc. But in our case
> the failures are intermittent (but frequent; roughly 40% of our zone
> refreshes seem to end this way.)
Have you
On 17.05.18 23:00, Blason R wrote:
I have RPZ installed on server and its acting as a master server but
somehow port setting is not working on master
# Slave configuration
response-policy { zone "malware.trap"; };
zone "malware.trap" {
type slave;
masters { 192.168.5.48; };
file
Thats correct taht worked for me and checking further now.
On Fri, May 18, 2018 at 1:23 PM, Warren Kumari wrote:
> On Fri, May 18, 2018 at 9:41 AM Blason R wrote:
>
> > Hi there,
>
> > Thanks for the update and here is my config and error I am getting.
On Fri, May 18, 2018 at 9:41 AM Blason R wrote:
> Hi there,
> Thanks for the update and here is my config and error I am getting. Can
you please suggest correct method that should be implemented?
I believe (but don't have a machine to confirm on) that the syntax should
be:
Hi there,
Thanks for the update and here is my config and error I am getting. Can you
please suggest correct method that should be implemented?
**
zone "malware.trap" {
type master;
file "/var/lib/bind/zones/malware.trap.db";
notify explicit;
21 matches
Mail list logo