BIND crash bug prompts urgent update call

A vulnerability in BIND creates a means for miscreants to crash vulnerable Domain Name System servers, posing a threat to overall internet stability as a result. Exploits targeted at BIND (Berkeley Internet Name Domain Server) version 9 are already in circulation, warns the Internet Software Consortium, the group which develops …

COMMENTS

This topic is closed for new posts.
FAIL

Berkeley Internet Name Domain Server?

Really?

How about Berkeley Internet Name Daemon?

Bronze badge

Ah, the joy...

Spent a while on this this morning. Fortunately the company for which I work implements DNS architectures which are not vulnerable.

Got to go and patch my own servers though ;)

Silver badge

And on the other side of the negative spinning Coin ....

John,

It also allows for new master remote controllers to distribute more constructive, albeit alternative, code.

M 6
FAIL

RE: Anonymous Stupid Coward

The acronym BIND was derived from its first domain use, Berkeley Internet Name Domain, and the server software being the "Berkeley Internet Name Domain (BIND) Server". It was not, as is sometimes assumed, Berkeley Internet Name Daemon.

Marking something true as a Fail = Epic Fail

Linux

@ AC 29 July 12:50

The acronym BIND was derived from its first domain use, Berkeley Internet Name Domain, and the server software being the "Berkeley Internet Name Domain (BIND) Server". It was not, as is sometimes assumed, Berkeley Internet Name Daemon. The original acronym is clear from the title of and usage in the original BIND paper, The Berkeley Internet Name Domain Server.

http://en.wikipedia.org/wiki/BIND

The Penguin. Obviously, he's cute......

Silver badge
WTF?

Why?!

"BIND is used on a great majority of DNS servers on the Internet. DNS maps between easy-to-remember domain names, understood by humans, and their corresponding numerical IP addresses, needed by computers. Simply put, the system can be compared to a phone book for the internet."

Hang on... aren't the people who read this site supposed to be technically literate?

Surely you do not need to explain a fundamental technology as if we were Daily Mail readers.

Boffin

BIND

Simple.

1. Dump BIND.

2. Implement DJBDNS.

The latter has yet to have a significant bug found in it, and fully implements DNS RFCs while BIND violates several.

Silver badge

@anon coward

"The latter has yet to have a significant bug found in it"

probably because hardly anyone uses it.

", and fully implements DNS RFCs while BIND violates several."

Since BIND is the de facto DNS reference implementation it could be said that where BIND violates the RFCs, the RFCs should be updated. I'm not saying that's a good thing but...

Silver badge

Re: Ah, the joy...

"Spent a while on this this morning. Fortunately the company for which I work implements DNS architectures which are not vulnerable." .... By John Robson Posted Wednesday 29th July 2009 13:39 GMT

John,

DNS architectures are always sweetly tempted by sticky XSS Programs ... for AIdDynamic Virile Growth for Markets Capture ..... for an XXXXCellent PreDominance.

Linux

Ubuntu Updated

The Ubuntu desktop Linux auto-update system has promptly installed a new Bind9 on my PC.

:)

Linux

@Anon ... Just FEI

http://www.theregister.co.uk/2009/02/28/djbdns_cache_poisoning_vulns/

Tux, just because...

Gates Halo

Ha ha!

I run Windows DNS and so am unaffected by this vulnerability! Who's laughing now, *nixtards?

Silver badge
Alert

Bind 8

Where I am we use bind 8 on BSD4. Yes, that's BSD 4. The boss isn't one for updating stuff that is working and I for one can't really blame him.

So, I assume that bind 8 is unaffected?


Automatic update is not a good thing

Automatic update of server software? *BAD* idea...

It should work, but sometimes it doesn't, and there may be custom code or other reasons not to do so.


Not on debian yet..

Grr.. debian hasn't rolled out the update yet. They're normally fairly quick with this stuff.. especially as it's a distribution used commonly by servers.

Linux

re automatic updates and windows

Windows first.

The Windows DNS server caused me any amount of grief in the past, not because I was trying to maintain it but because some idiot who thought it was a good idea meant that I had to spend a lot of time trying to find ways around its egregious behaviour. I'll wait a couple of days for the next Windows vulnerability and then I'll start laughing again.

Mind you, you wouldn't be laughing much if your upstream ISP/DNS provider didn't patch his systems. You're in a seriously small minority running the Windows DNS server.

Automatic updates.

I really don't know why you think automatic updates of the kind that the various major distros do. For a start, the update does not mess with configuration unless the configuration itself needs fixing and then you get to merge the new configuration with the old one.

Or are you thinking of the kind of update that happens without any user intervention? The kind that no one actually uses? The ubuntu auto-update someone mentioned earlier tells you updates are available and lets you choose which ones you want. For my money (and the continued security of my servers) I'd choose the way that gives me the patch in a few hours with little or no work on my part.

And don't get me started on Bind 8 on BSD 4 -- it may be working, but is it invulnerable to the known exploits of the last few years?

Linux

DNS issues

The cache poisoning vulnerability is a function of how DNS itself works, as opposed to being anything specific to any particular package, and all servers are affected by it to a greater or lesser extent. At least DJBDNS has never had remote root or remote crash exploits. Some of us still remember the seemingly monthly updates needed with BIND some years back.

"Do not fear the penguins, fear the black hats instead".


@Bind 8

Bind 8 has not been supported for years and is undoubtedly vulnerable to most of the recent security issues. Upgrade *NOW*.
