Re: v9.12.1-P2 changed files

On Fri, May 18, 2018 at 04:28:24PM -0400, Jim Popovitch via bind-users wrote: > Honest question Why are there so many sourcecode > modifications/additions/deletions between v9.12.1 and v9.12.1-P2?  Some > files should obviously change between minor versions, but ~1300 ? Are you sure you're

RHEL, Centos, Fedora rpm 9.12.1-P2

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 http://www.five-ten-sg.com/mapper/bind contains links to the source rpms, and build instructions. -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.14 (GNU/Linux) iEYEAREKAAYFAlr/TNkACgkQL6j7milTFsHqPQCfVCKLfx5wzLjm+UkCkJx2C6f1

Re: v9.12.1-P2 changed files

On 18/05/2018 21:28, Jim Popovitch via bind-users wrote: > Honest question Why are there so many sourcecode > modifications/additions/deletions between v9.12.1 and v9.12.1-P2? Some > files should obviously change between minor versions, but ~1300 ? > > Bin9 v9.12.1-P2 changed files: >

v9.12.1-P2 changed files

-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Honest question Why are there so many sourcecode modifications/additions/deletions between v9.12.1 and v9.12.1-P2?  Some files should obviously change between minor versions, but ~1300 ? Bin9 v9.12.1-P2 changed files:

CVE-2018-5737: BIND 9.12's serve-stale implementation can cause an assertion failure in rbtdb.c or other undesirable behavior, even if serve-stale is not enabled.

CVE: CVE-2018-5737 Document Version:2.0 Posting date:18 May 2018 Program Impacted:BIND Versions affected: 9.12.0, 9.12.1 Severity:Medium Exploitable: Remotely Description: A problem with the implementation of the new serve-stale feature

BIND 9.12.1-P2 is now available

A new version of BIND is available to address two vulnerabilities disclosed today: CVE-2018-5736 and CVE-2018-5737; see the respective messages on this mailing list or consult the ISC Knowledge Base https://kb.isc.org/category/74/0/10/Software-Products/BIND9/Security-Advisories/. Only two

CVE-2018-5736: Multiple transfers of a zone in quick succession can cause an assertion failure in rbtdb.c

CVE: CVE-2018-5736 Document Version:2.0 Posting date:18 May 2018 Program Impacted:BIND Versions affected: 9.12.0 and 9.12.1 Severity:Medium Exploitable: Remotely, if an attacker can trigger a zone transfer Description: An error in zone

Re: Intermittent "failure trying master... operation canceled" on zone refresh

On 17 May 2018 at 17:05, Rob Moser wrote: > We're running a series of RHEL 7.4 machines (kernel version > 3.10.0-693.1.1.el7.x86_64) running bind version 9.9.4-RedHat-9.9.4-51.el7. > Our configuration consists of a hidden master and three hidden > slave/recursive resolvers.

Re: also-notify and allow-notify

Okies so zone xfer would happen on TCP/53 correct and notify would be sent on udp/53? On Fri, May 18, 2018, 7:31 PM Matus UHLAR - fantomas wrote: > >> On 17.05.18 23:00, Blason R wrote: > >>> So here I am sending notification to 192.168.5.49 on port 4545; my > >>> queries >

Re: RPZ zone update how to sync

On 05/18/2018 08:02 AM, Matus UHLAR - fantomas wrote: why? is there any logic in this? I can see a case where a hidden / internal master is used and only accessible by direct slaves in a DMZ. So the slaves in the DMZ act as a contact point for the world. -- Grant. . . . unix || die

Re: RPZ zone update how to sync

> > On 18 May 2018, at 16:16, Blason R wrote: > > why? is there any logic in this? > > yeah management does not want to allow direct syncing with master as they > dont want to expose any info to them. Interesting statement - especially since the slave servers will

Re: RPZ zone update how to sync

why? is there any logic in this? yeah management does not want to allow direct syncing with master as they dont want to expose any info to them. On Fri, May 18, 2018 at 7:32 PM, Matus UHLAR - fantomas wrote: > On 18.05.18 19:29, Blason R wrote: > >> I have this other query

Re: RPZ zone update how to sync

On 18.05.18 19:29, Blason R wrote: I have this other query on RPZ; I have one master server [lets say masterns.test.com.] on cloud. One slave [slavens.test.com] in my organization and our partner would also want to sync with slave but not with master server. why? is there any logic in this?

Re: also-notify and allow-notify

On 17.05.18 23:00, Blason R wrote: So here I am sending notification to 192.168.5.49 on port 4545; my queries are 1. How do I configure port on slave 4545 so that slave server can start listening on that port. On Fri, May 18, 2018 at 3:02 PM, Matus UHLAR - fantomas

RPZ zone update how to sync

Hi Guys, I have this other query on RPZ; I have one master server [lets say masterns.test.com.] on cloud. One slave [slavens.test.com] in my organization and our partner would also want to sync with slave but not with master server. How can one slave can sync with other slave? Can someone please

Re: also-notify and allow-notify

Nah that is not my query; instead I wanted updates to be sent on other port and not TCP/53. Queries let it happen on UDP 53 On Fri, May 18, 2018 at 3:02 PM, Matus UHLAR - fantomas wrote: > On 17.05.18 23:00, Blason R wrote: > >> I have RPZ installed on server and its acting

Re: Intermittent "failure trying master... operation canceled" on zone refresh

Rob Moser wrote: > > Which a little digging shows me is often the result of network > connectivity problems, firewall misconfigurations, etc. But in our case > the failures are intermittent (but frequent; roughly 40% of our zone > refreshes seem to end this way.) Have you

Re: also-notify and allow-notify

On 17.05.18 23:00, Blason R wrote: I have RPZ installed on server and its acting as a master server but somehow port setting is not working on master # Slave configuration response-policy { zone "malware.trap"; }; zone "malware.trap" { type slave; masters { 192.168.5.48; }; file

Re: also-notify and allow-notify

Thats correct taht worked for me and checking further now. On Fri, May 18, 2018 at 1:23 PM, Warren Kumari wrote: > On Fri, May 18, 2018 at 9:41 AM Blason R wrote: > > > Hi there, > > > Thanks for the update and here is my config and error I am getting.

Re: also-notify and allow-notify

On Fri, May 18, 2018 at 9:41 AM Blason R wrote: > Hi there, > Thanks for the update and here is my config and error I am getting. Can you please suggest correct method that should be implemented? I believe (but don't have a machine to confirm on) that the syntax should be:

Re: also-notify and allow-notify

Hi there, Thanks for the update and here is my config and error I am getting. Can you please suggest correct method that should be implemented? ** zone "malware.trap" { type master; file "/var/lib/bind/zones/malware.trap.db"; notify explicit;