Operating System - OpenVMS
cancel
Showing results for 
Search instead for 
Did you mean: 

DNSSEC for VMS?

 
Willem Grooters
Honored Contributor

DNSSEC for VMS?

There have been a number of publications on a flaw in the design of DNS that, when expoited, could effect all name translations on the Inernet, and I did read reports that this bug has already been exploited.
What I understood is that the BIND implementation on VMS contains this bug as well and you would be vulnerable if you have set it up as a chaching resolver.
(source: http://64.223.189.234/node/945)
I don't know how many VMS systems are set up this way and could be acessed - but I wonderer when there will be a patch for VMS? I haven't seen it yet for any of the platforms.
Willem Grooters
OpenVMS Developer & System Manager
3 REPLIES 3
Hoff
Honored Contributor

Re: DNSSEC for VMS?

I'd expect very few OpenVMS systems are being used as DNS servers.

If you are (and if your DNS servers are either exposed to the Internet or if you don't trust your clients), Kaminsky's DNS exposure can be nasty; attacks can require less than 15 seconds or so, and they're active in the wild.

One of the higher-profile targets that's fallen so far was an unpatched AT&T DNS server.

Process Software has released patched DNS servers for OpenVMS.

And FWIW, DNSSEC is an upgrade from DNS; DNSSEC requirements are coming on-line, starting with the .ORG domains. If you're serving DNS for .ORG, you're going to be migrating earlier than most.

Hoff
Honored Contributor

Re: DNSSEC for VMS?

nb: ITRC is incorrectly including the parenthesis onto the end of the URL.

http://64.223.189.234/node/945
Willem Grooters
Honored Contributor

Re: DNSSEC for VMS?

Got a notification on openvms.org (http://www.openvms.org/stories.php?story=08/08/12/8896640 )
that HP responded on the issue ( http://h71000.www7.hp.com/network/new.html ).A patched version of BIND will be available in the forthcoming ECO for more recent TCPIP versions. For those that require a quick solution, a specific patch is available.
Willem Grooters
OpenVMS Developer & System Manager