09-12-2011 12:16 AM
Audit report reg Bind version
Hi,
We do not have an HP-UX server in our setup for DNS... we are using a Windows machine.
Recently we had an audit which gave us the following report:
The remote BIND 9 DNS server, according to its version number, is vulnerable to a buffer overflow which may allow an attacker to gain a shell on this host or to disable this server.
As far as I know we use BIND for DNS services.
These servers are HP-UX 11iv2, where we only use SMTP for sending mails.
What should be our ideal reply for this case?
09-12-2011 03:16 AM
Re: Audit report reg Bind version
First, find the actual IP address of the "remote BIND 9 DNS server" the report is talking about.
Once you know that, see if that host is actually running BIND 9 or not.
If it is, read its configuration (typically /etc/named.conf) to see if it's configured to act as authoritative (= either master or slave) for any DNS zones or not.
If not, it's only working as a caching DNS resolver: turn on query logging and/or check the DNS settings of your servers (/etc/resolv.conf) to see which systems (if any) use this BIND for hostname resolution.
If there are none, or if you can configure the systems to use a different nameserver, you can disable BIND:
Run "sh /sbin/init.d/named stop" and modify /etc/rc.config.d/namesvrs to say "NAMED=0" instead of "NAMED=1".
If you're required to keep BIND running after all (= either it's being used as an authoritative DNS server or a resolver for other hosts and you cannot move these things elsewhere), you should go to http://software.hp.com and search for BIND to find the latest BIND upgrade package for your HP-UX version: currently the latest for 11iv2 is C.9.3.2.8.0. It contains some backported patches compared to the "vanilla" BIND source code package from its developer, isc.org. You might want to update to the latest version and then copy the list of fixed security bugs from the Release Notes to your response to the audit: according to the audit report, the auditor has only done a simple version number check, which may not take into account any backported patches in the HP-packaged version of BIND.
If that version is not new enough for your auditor's satisfaction, you have two options: either respond with "this is the latest version supported by HP; there is no newer version available", or get the latest BIND source code from isc.org and compile it yourself. The latter requires a working ANSI C compiler and someone with the basic skills for compiling Unix software from source.
- Tags:
- bind
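The two checks this reply describes (is the host authoritative for any zone, and does a given resolv.conf point at the BIND host), as an added shell example that is not code from the thread or from HP; it assumes BIND 8/9 named.conf syntax and builds its own constructed sample files instead of reading /etc/named.conf:

```shell
#!/bin/sh
# Added example (not from the thread or HP): classify the zones in a named.conf
# as the reply above describes (master/slave = authoritative, hint only = caching
# resolver) and check whether a resolv.conf lists the BIND host. Sample files
# below are constructed; on HP-UX the real paths are /etc/named.conf, /etc/resolv.conf.

# list_zones CONF: prints "<zone-name> <type>" per zone. Strips '#' and '//'
# comments, then walks tokens so one-line and multi-line zone blocks both work.
list_zones() {
    sed -e 's|//.*||' -e 's|#.*||' "$1" | tr '\n' ' ' | awk '{
        for (i = 1; i <= NF; i++) {
            if ($i == "zone") { z = $(i + 1); gsub(/"/, "", z) }
            else if ($i == "type" && z != "") {
                t = $(i + 1); sub(/;$/, "", t); print z, t; z = ""
            }
        }
    }'
}

# authoritative_count CONF: number of master/slave zones, ignoring the
# loopback reverse zone that a resolver-only BIND usually carries too.
authoritative_count() {
    list_zones "$1" | awk 'tolower($2) ~ /^(master|slave)$/ && tolower($1) != "0.0.127.in-addr.arpa" { n++ }
        END { print n + 0 }'
}

# role CONF: "authoritative" if any real zone is master/slave, else "resolver-only"
role() {
    [ "$(authoritative_count "$1")" -gt 0 ] && echo authoritative || echo resolver-only
}

# uses_nameserver RESOLV_CONF IP: succeeds if that resolv.conf lists IP
uses_nameserver() {
    grep -E "^[[:space:]]*nameserver[[:space:]]+$2([[:space:]]|\$)" "$1" >/dev/null
}

# Constructed samples modelled on the config posted later in this thread
AUTH_CONF=$(mktemp); RESOLVER_CONF=$(mktemp); RESOLV=$(mktemp)
cat > "$AUTH_CONF" <<'EOF'
# type domain source file
options { directory "/etc/named.data"; };
zone "0.0.127.IN-ADDR.ARPA" { type master; file "db.127.0.0"; };
zone "example.test" {
    type master;
    file "db.example";
};
zone "." { type hint; file "db.cache"; };
EOF
printf 'zone "0.0.127.IN-ADDR.ARPA" { type master; file "db.127.0.0"; };\nzone "." { type hint; file "db.cache"; };\n' > "$RESOLVER_CONF"
printf 'search example.test\nnameserver 192.0.2.53\n' > "$RESOLV"
echo "sample 1: $(role "$AUTH_CONF"); sample 2: $(role "$RESOLVER_CONF")"
```

A host that comes out as "resolver-only" and whose address appears in no other server's resolv.conf is the case where the reply says BIND can simply be stopped.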
09-12-2011 04:16 AM
Re: Audit report reg Bind version
Hi Matti,
I have 3 Unix servers and one Win2003 DNS server.
I ran the following from one of my Unix boxes:
root #/ >dig -t txt -c chaos VERSION.BIND @10.1.4.214
; <<>> DiG named 9.2.0 <<>> -t txt -c chaos VERSION.BIND @10.1.4.XX
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOTIMPL, id: 58889
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;VERSION.BIND. CH TXT
;; Query time: 0 msec
;; SERVER: 10.1.4.XX#53(10.1.4.XX)
;; WHEN: Mon Sep 12 16:16:32 2011
;; MSG SIZE rcvd: 30
root #/ >cat /etc/named.conf
#
# type domain source file
#
options {
directory "/etc/named.data";
};
zone "0.0.127.IN-ADDR.ARPA" {
type master;
file "db.127.0.0";
};
zone "cedgedns.in" {
type master;
file "db.XXXdns";
};
zone "4.1.10.IN-ADDR.ARPA" {
type master;
file "db.10.1.4";
};
zone "." {
type hint;
file "db.cache";
};
I tried disabling BIND on one of my Unix boxes using /sbin/init.d/named, successfully.
My question is: does anything need to be done on my Win2003 box?