Educause Security Discussion mailing list archives
Re: regarding the critical DNS protocol vulnerability
From: Russell Fulton <r.fulton () AUCKLAND AC NZ>
Date: Fri, 11 Jul 2008 19:17:21 +1200
On 11/07/2008, at 4:17 PM, Russ Harvey wrote:
Unfortunately the ISC fixes we tried for BIND did not work. We are running 9.4.1-P1 so first went to 9.4.2-P1, then 9.5.0-P1, then 9.5.1b1. We found either exhausted file descriptors, EDNS handling bugs, or just plain poor performance. We are back to 9.4.1-P1. Anyone else having problems with patching BIND for this problem?
we are using RHE 5 and applied their standard updates without problems. I warned our admins about the potential performance issues and they upgraded just one of the four to see how it went. Everything was OK so we upgraded the other 3 too. Typically our servers get around 10,000 queries per minute... Russell
Current thread:
- regarding the critical DNS protocol vulnerability Doug Pearson (Jul 10)
- <Possible follow-ups>
- Re: regarding the critical DNS protocol vulnerability Russell Fulton (Jul 10)
- Re: regarding the critical DNS protocol vulnerability Russ Harvey (Jul 10)
- Re: regarding the critical DNS protocol vulnerability Russell Fulton (Jul 11)
- Re: regarding the critical DNS protocol vulnerability Dick Jacobson (Jul 11)
- Re: regarding the critical DNS protocol vulnerability Keir Novik (Jul 11)
- Re: regarding the critical DNS protocol vulnerability Lutinski, Steven T (Jul 11)
- Re: regarding the critical DNS protocol vulnerability Shumon Huque (Jul 12)