Re: FreeBSD Security Advisory FreeBSD-SA-08:06.bind

From: Michael Scheidell <scheidell@xxxxxxxxxx>
Date: Sun, 13 Jul 2008 21:13:47 -0400

NOTE WELL: If a port number is specified via the query-source or
query-source-v6 options to BIND, randomized port selection will not be
used. Consequently it is strongly recommended that these options not
be used to specify fixed port numbers
--
Michael Scheidell, CTO

|SECNAP Network Security

Winner 2008 Network Products Guide Hot Companies
FreeBSD SpamAssassin Ports maintainer

From: Mark Andrews <Mark_Andrews@xxxxxxx>
Date: Mon, 14 Jul 2008 10:29:36 +1000
To: <freebsd-security@xxxxxxxxxxx>
Cc: FreeBSD Security Advisories <security-advisories@xxxxxxxxxxx>
Subject: Re: FreeBSD Security Advisory FreeBSD-SA-08:06.bind

There was no mention of checking named.conf to ensure that
a port was not specified in the query-source clauses. Just
upgrading will not fix the problem it if named.conf has

"query-source port 53".

Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews@xxxxxxx
_______________________________________________
freebsd-security@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@xxxxxxxxxxx"

_________________________________________________________________________
This email has been scanned and certified safe by SpammerTrap(r).
For Information please see http://www.spammertrap.com
_________________________________________________________________________
_______________________________________________
freebsd-security@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@xxxxxxxxxxx"

Follow-Ups:
- Re: FreeBSD Security Advisory FreeBSD-SA-08:06.bind
  - From: Mark Andrews

References:
- Re: FreeBSD Security Advisory FreeBSD-SA-08:06.bind
  - From: Mark Andrews

Prev by Date: Re: FreeBSD Security Advisory FreeBSD-SA-08:06.bind
Next by Date: freebsd-update not pulling in BIND update
Previous by thread: Re: FreeBSD Security Advisory FreeBSD-SA-08:06.bind
Next by thread: Re: FreeBSD Security Advisory FreeBSD-SA-08:06.bind
Index(es):
- Date
- Thread

Relevant Pages

Re: [Fwd: cvs commit: ports/dns/bind9 Makefile distinfo ports/dns/bind94 Makefile distinfo ports/dns
... query-source has an argument called "port" which will do what you want. ... That option *only* affects UDP queries, ... While query-source allows you to lock down to a single port, ... Most network administrators ...
(FreeBSD-Security)
Re: [Fwd: cvs commit: ports/dns/bind9 Makefile distinfo ports/dns/bind94 Makefile distinfo ports/dns
... query-source has an argument called "port" which will do what you want. ... That option *only* affects UDP queries, ... While query-source allows you to lock down to a single port, ... control for the UDP ports to be used. ...
(FreeBSD-Security)
Re: Protecting bind from DNS cache poisoning!!!
... note that bind also should not have "port" potion in query-source ... will probably unrandomize the port numbers on your outgoing requests. ... iis.se a; (1 server found) ...
(comp.protocols.dns.bind)
ipfw and bind - betst way to control dns traffic?
... Now that use of source port 53 is deprecated (like "query-source address * port 53;"), what is the best way to configure ipfw to allow dns access? ... But if I want to have some control over it in ipfw, ...
(comp.unix.bsd.freebsd.misc)
Re: EZASOKET Connect Call How to Specify Port/IP Address
... 'EZASOKET' Connect Call How to Specify Port/IP Address ... For IBMTCP-L subscribe / signoff / archive access instructions, ... assuming you are using IPv4. ... field and the destination port number in the PORT field as explained here: ...
(bit.listserv.ibm-main)