nanog mailing list archives
Re: The SWAMP
From: "Bradley Dunn" <bradley () dunn org>
Date: Mon, 9 Sep 1996 20:15:34 -0400
From: Eric Ziegast <ziegast () zee im gte com> To: nanog () merit edu; namedroppers () internic net Subject: Re: The SWAMP Date: Monday, September 09, 1996 7:47 PM
In cron: # pick a random time once a week 31 10 * * 4 /usr/sbin/update-root # some other time during the week 23 20 * * 6 /usr/sbin/named.restart The shell script (off the top of my head): #!/bin/sh tmp=/tmp/rs$$ trap "rm -f $tmp" 1 2 3 14 15 chdir /etc/namedb ncftp -a -d 600 -g 5 ftp.root-servers.net:/named.root if [ ! -r named.root ]; then Mail -s "Could not get root nameserver list" hostmaster fi diff root.cache root-servers > $tmp if [ -s $tmp ]; then mv named.root root.cache # fails if couldn't download Mail -s "Root server update" hostmaster < $tmp fi rm -f $tmp
I don't like "automatic" updates. Sure it is convenient, but for something as mission-critical as name service, I would hesitate to automatically trust whatever happens to be at ftp.root-servers.net:/named.root on any given day. I would want to review it first. Plus, on most BSDish systems /etc/crontab is world readable by default. A cracker would know the exact time to attempt to hijack the FTP session and insert: . IN NS you.got.hacked.net. you.got.hacked.net. IN A 10.1.2.3 -BD - - - - - - - - - - - - - - - - -
Current thread:
- Re: The SWAMP, (continued)
- Re: The SWAMP Bradley Dunn (Sep 08)
- Re: The SWAMP Jon Zeeff (Sep 09)
- Re: The SWAMP Vadim Antonov (Sep 09)
- Re: The SWAMP Vadim Antonov (Sep 09)
- Re: The SWAMP Nick Hilliard (Sep 09)
- Re: Root Nameserver IPs Zachary DeAquila (Sep 09)
- Re: The SWAMP Eric Ziegast (Sep 09)
- Re: The SWAMP Perry E. Metzger (Sep 09)
- Re: The SWAMP Mathias Koerber (Sep 09)
- Re: The SWAMP Vadim Antonov (Sep 09)
- Re: The SWAMP Bradley Dunn (Sep 09)
- Re: The SWAMP Eric Ziegast (Sep 10)
- Re: The SWAMP Deepak Jain (Sep 10)
- Re: The SWAMP Alexis Rosen (Sep 10)
- Re: The SWAMP Eric Ziegast (Sep 10)
- Re: The SWAMP Bradley Dunn (Sep 08)