HP-UX Running BIND, Remote DNS Cache Poisoning

Diebold_Unix_Support
Occasional Advisor

HP-UX Running BIND, Remote DNS Cache Poisoning

Hi,

We have an HP-UX B.11.11 U 9000/800 system and got an alert about upgrading BIND on B.11.11 from v8.1.2 to BIND v9.2.0. We have our DNS server on Windows; is it required to upgrade our system?

Please find the details below

swlist |grep -i bind
PHNE_36185 1.0 Bind 8.1.2 Patch


ps -ef |grep rpcbind
root 3275 1 0 Jun 21 ? 7:26 /usr/sbin/rpcbind

Thanks
SP
Diebold_Unix_Support
Occasional Advisor

Re: HP-UX Running BIND, Remote DNS Cache Poisoning

Please find the details below

#enable_inet status bind
ERROR: The product bind is not installed in the system.
Therefore, the specified product cannot be enabled.
VK2COT
Honored Contributor

Re: HP-UX Running BIND, Remote DNS Cache Poisoning

Hello,

... and if you want a simple test to check if your DNS server suffers from cache poisoning problems, run one of the following:

# dig +short @{name-server-ip} porttest.dns-oarc.net txt

# dig +short @myserv.domain.dom porttest.dns-oarc.net txt

Sample output for safe server:

porttest.y.x.w.v.u.t.s.r.q.p.o.n.m.l.k.j.i.h.g.f.e.d.c.b.a.pt.dns-oarc.net.
"xxx.yyy.zzz.mmm is GREAT: 26 queries in 4.5 seconds from 25 ports with std dev 4549"

or:

z.y.x.w.v.u.t.s.r.q.p.o.n.m.l.k.j.i.h.g.f.e.d.c.b.a.pt.dns-oarc.net.
"xxx.yyy.zzz.mmm is GOOD: 26 queries in 0.1 seconds from 26 ports with std dev 17746.18"

And for bad server:

z.y.x.w.v.u.t.s.r.q.p.o.n.m.l.k.j.i.h.g.f.e.d.c.b.a.pt.dns-oarc.net.
"xxx.yyy.zzz.mmm is POOR: 42 queries in 8.4 seconds from 1 ports with std dev 0.00"

Of course, you can also always go to sites like:

http://www.dnsstuff.com/
http://www.doxpara.com/

They work well for testing internet-facing DNS servers.

Cheers,

VK2COT
VK2COT - Dusan Baljevic
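The porttest answer quoted above is a free-form TXT string, so it helps to have something that turns it into numbers and applies the same idea to ports you observe yourself. The following Python is an added example and is not code from the thread or from DNS-OARC: it parses the porttest TXT line into its fields, and separately classifies a list of UDP source ports (as you might collect from a packet capture of your resolver's outbound queries) by distinct-port count and standard deviation, which generalises the GREAT/GOOD/POOR idea beyond the single porttest case. The thresholds, the sample TXT lines and the port lists are constructed assumptions, not DNS-OARC's real cut-offs.

```python
import re
import statistics

# Assumed thresholds for the local classifier (not DNS-OARC's real cut-offs).
MIN_DISTINCT_RATIO = 0.9   # at least 90% of queries should use a fresh port
MIN_STDDEV = 1000.0        # sequential ports are distinct but still predictable

# Matches the TXT body porttest returns, e.g.
#   "192.0.2.53 is GOOD: 26 queries in 0.1 seconds from 26 ports with std dev 17746.18"
# The address field is \S+ because the thread shows it redacted as xxx.yyy.zzz.mmm.
PORTTEST_RE = re.compile(
    r'"?(?P<ip>\S+) is (?P<verdict>GREAT|GOOD|FAIR|POOR): '
    r'(?P<queries>\d+) queries in (?P<seconds>[\d.]+) seconds '
    r'from (?P<ports>\d+) ports with std dev (?P<stddev>[\d.]+)"?'
)


def parse_porttest(txt):
    """Parse one porttest TXT line into a dict, or return None if it does not match."""
    m = PORTTEST_RE.search(txt)
    if not m:
        return None
    d = m.groupdict()
    return {
        "ip": d["ip"],
        "verdict": d["verdict"],
        "queries": int(d["queries"]),
        "seconds": float(d["seconds"]),
        "ports": int(d["ports"]),
        "stddev": float(d["stddev"]),
    }


def porttest_is_safe(parsed):
    """porttest's own verdict: GOOD or GREAT means the source port is randomised."""
    return parsed is not None and parsed["verdict"] in ("GOOD", "GREAT")


def assess_ports(source_ports):
    """Classify observed UDP source ports the way porttest does (assumed thresholds).

    A resolver that reuses one port, or walks ports sequentially, is easy to
    predict; both cases are reported as not randomised.
    """
    n = len(source_ports)
    distinct = len(set(source_ports))
    sd = statistics.pstdev(source_ports) if n > 1 else 0.0
    randomized = n > 1 and distinct >= MIN_DISTINCT_RATIO * n and sd >= MIN_STDDEV
    return {"queries": n, "ports": distinct, "stddev": round(sd, 2), "randomized": randomized}


# Constructed sample inputs (not real measurements).
SAMPLE_GOOD = '"192.0.2.53 is GOOD: 26 queries in 0.1 seconds from 26 ports with std dev 17746.18"'
SAMPLE_POOR = '"192.0.2.53 is POOR: 42 queries in 8.4 seconds from 1 ports with std dev 0.00"'
FIXED_PORT = [32768] * 26                                   # one port for every query
SEQUENTIAL = list(range(1024, 1050))                        # distinct but predictable
SPREAD = [(i * 9973) % 64512 + 1024 for i in range(26)]     # well spread over 1024-65535

if __name__ == "__main__":
    for line in (SAMPLE_GOOD, SAMPLE_POOR):
        p = parse_porttest(line)
        print(p["verdict"], "safe" if porttest_is_safe(p) else "NOT safe", p)
    for name, ports in (("fixed", FIXED_PORT), ("sequential", SEQUENTIAL), ("spread", SPREAD)):
        print(name, assess_ports(ports))
```

The sequential case is the one worth noticing: porttest-style "N queries from N ports" looks fine on the distinct-port count alone, and only the standard deviation exposes the pattern.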
Steven E. Protter
Exalted Contributor

Re: HP-UX Running BIND, Remote DNS Cache Poisoning

Shalom SP,


Recommendations:

1) Upgrade BIND to 9.x from http://software.hp.com
2) Configure the system to not be a DNS cache.
3) Make sure the system does not permit recursive DNS lookups (DNS lookups not served by your network) to any network other than your own. A lookup for hp.com should not be done for any network other than your LAN. Some yahoo in Pittsburgh should not be able to do such a thing.

Do those three things and you are secure.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
TTr
Honored Contributor

Re: HP-UX Running BIND, Remote DNS Cache Poisoning

> We are having DNS server on Windows

The rpcbind that you checked is NOT the DNS service process. To check if DNS is running on your UNIX server run
ps -ef |grep named

If you are not running DNS on the UNIX server, there is no need to do anything regarding the alert. However, if in the future you start up DNS on UNIX, you will be vulnerable.