Re: DNS Bind

["Somaini, Justin" <Justin.Somaini () SCHWAB COM>]

Not that I'm aware of.  DNS is not really my strongest suite so I have to
rely upon our DNS guys.
I believe that there needs to be an upgrade to fix the problem.

If anyone disagrees please correct me.

One thing to do is to change the version posting in the named.conf file.
The scanner looking for sub 9.1 could be tricked.  Actual attack failing of
course.

-----Original Message-----
From: Russell Fulton [mailto:r.fulton () AUCKLAND AC NZ]
Sent: Wednesday, January 31, 2001 1:42 PM
To: INCIDENTS () SECURITYFOCUS COM
Subject: Re: DNS Bind


On Wed, 31 Jan 2001 10:47:24 -0800 "Somaini, Justin"
<Justin.Somaini () SCHWAB COM> wrote:

> Has anyone seen attacks, other than Microsoft, in regards to the bind tsig
> vuln.?

I've seen an increase in version probes against our advertised name
servers.

One question:  I understand that the tsig vulnerability is in the
DNSSEC code and, so far as I am aware, we are not using this now.  Are
there any options in the BIND config to disable DNSSEC? (as a stop gap
until we can get the software upgraded).

Russell Fulton, Computer and Network Security Officer
The University of Auckland,  New Zealand