08-07-2008 12:11 AM
HP-UX Running BIND, Remote DNS Cache Poisoning
We have an HP-UX B.11.11 U 9000/800 system and got an alert for upgrading BIND from B.11.11 running v8.1.2 to BIND v9.2.0. We have our DNS server on Windows; is it required to upgrade our system?
Please find the details below:
swlist |grep -i bind
PHNE_36185 1.0 Bind 8.1.2 Patch
ps -ef |grep rpcbind
root 3275 1 0 Jun 21 ? 7:26 /usr/sbin/rpcbind
Thanks
SP
08-07-2008 12:29 AM
Re: HP-UX Running BIND, Remote DNS Cache Poisoning
#enable_inet status bind
ERROR: The product bind is not installed in the system.
Therefore, the specified product cannot be enabled.
08-07-2008 01:08 AM
Re: HP-UX Running BIND, Remote DNS Cache Poisoning
... and if you want a simple test to check
if your DNS server suffers from cache
poisoning problems, run one of the following:
# dig +short @{name-server-ip} porttest.dns-oarc.net txt
# dig +short @myserv.domain.dom porttest.dns-oarc.net txt
Sample output for safe server:
porttest.y.x.w.v.u.t.s.r.q.p.o.n.m.l.k.j.i.h.g.f.e.d.c.b.a.pt.dns-oarc.net.
"xxx.yyy.zzz.mmm is GREAT: 26 queries in 4.5 seconds from 25 ports with std dev 4549"
or:
z.y.x.w.v.u.t.s.r.q.p.o.n.m.l.k.j.i.h.g.f.e.d.c.b.a.pt.dns-oarc.net.
"xxx.yyy.zzz.mmm is GOOD: 26 queries in 0.1 seconds from 26 ports with std dev 17746.18"
And for bad server:
z.y.x.w.v.u.t.s.r.q.p.o.n.m.l.k.j.i.h.g.f.e.d.c.b.a.pt.dns-oarc.net.
"xxx.yyy.zzz.mmm is POOR: 42 queries in 8.4 seconds from 1 ports with std dev 0.00"
Of course, you can also always go to sites
like:
http://www.dnsstuff.com/
http://www.doxpara.com/
They work well for testing internet-facing
DNS servers.
Cheers,
VK2COT
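An added example, not part of the post above: a POSIX shell function that parses the porttest TXT answer in the format shown in the sample output, so the check can be scripted against several resolvers. The function name `porttest_parse`, its exit codes, the shortened CNAME line and the 192.0.2.53 address are assumptions constructed for illustration.

```shell
#!/bin/sh
# Parse the answer of:
#   dig +short @<server> porttest.dns-oarc.net txt
# stdin : dig output (CNAME line followed by the quoted TXT line)
# stdout: "<resolver> <rating> <ports> <stddev>"
# exit  : 0 = GREAT or GOOD, 1 = any other rating (e.g. POOR),
#         2 = no porttest result found in the input
# (function name and exit codes are hypothetical, chosen for this example)
porttest_parse() {
    # Match only the quoted TXT line and extract the four fields.
    fields=$(sed -n 's/^"\([^ ]*\) is \([A-Z]*\): [0-9]* queries in [0-9.]* seconds from \([0-9]*\) ports with std dev \([0-9.]*\)"$/\1 \2 \3 \4/p' | head -n 1)
    if [ -z "$fields" ]; then
        echo "no porttest result found" >&2
        return 2
    fi
    echo "$fields"
    case "$fields" in
        *" GREAT "*|*" GOOD "*) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed sample answers, modelled on the output quoted in the post.
SAMPLE_GOOD='z.y.x.pt.dns-oarc.net.
"192.0.2.53 is GOOD: 26 queries in 0.1 seconds from 26 ports with std dev 17746.18"'
SAMPLE_POOR='z.y.x.pt.dns-oarc.net.
"192.0.2.53 is POOR: 42 queries in 8.4 seconds from 1 ports with std dev 0.00"'

# Demo run over the constructed samples.
for sample in "$SAMPLE_GOOD" "$SAMPLE_POOR"; do
    if result=$(printf '%s\n' "$sample" | porttest_parse); then
        echo "OK:   $result"
    else
        echo "FLAG: $result"
    fi
done
```

Against a live resolver, pipe the `dig` command from the post into `porttest_parse` and act on the exit status.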
08-07-2008 03:05 AM
Re: HP-UX Running BIND, Remote DNS Cache Poisoning
Recommendations:
1) Upgrade BIND to 9.x from http://software.hp.com
2) Configure the system to not be a DNS cache
3) Make sure the system does not permit recursive DNS lookups (DNS lookup not served by your network) to any network other than your own. A lookup for hp.com should not be done for any network other than your LAN. Some yahoo in Pittsburgh should not be able to do such a thing.
Do those three things and you are secure.
SEP
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
08-07-2008 04:20 AM
Re: HP-UX Running BIND, Remote DNS Cache Poisoning
The rpcbind that you checked is NOT the DNS service process. To check if DNS is running on your UNIX server, run:
ps -ef |grep named
If you are not running DNS on the UNIX server, there is no need to do anything regarding the alert. However, if in the future you start up DNS on UNIX, you will be vulnerable.