HPE Community
Operating System - HP-UX
1833461 Members
3013 Online
110052 Solutions
New Discussion

Securing HP-UX DNS

 
SOLVED
Go to solution
Michael_423
Occasional Contributor

‎02-13-2004 08:47 AM

‎02-13-2004 08:47 AM

Securing HP-UX DNS

We have one DNS server on our network that all the Asian root servers love to send binaries to over port 53. Hence I have the following 2 questions.

2 Questions:

1) Is there a way we can secure the DNS server to reject a DNS response with binary code in it?

2) Is there really some legimate DNS traffic to a BIND server that should be from a root server? Or in other words, is there going to be any problems if we start blocking this type of traffic.

Michael
0 Kudos
Reply
4 REPLIES 4
Martin P.J. Zinser
Honored Contributor

‎02-13-2004 09:13 AM

‎02-13-2004 09:13 AM

Re: Securing HP-UX DNS

Hello Michael,

you might get a useful answer here (a number of experienced UX folks frequent this Linux forum) but if you want to discuss hpux specific details you might be better off over in the hpux forum at

http://forums1.itrc.hp.com/service/forums/familyhome.do?familyId=117

All the best,

Martin
0 Kudos
Reply
Steven E. Protter
Exalted Contributor

‎02-14-2004 03:15 PM

‎02-14-2004 03:15 PM

Solution

Re: Securing HP-UX DNS

1) I properly configured DNS server with BIND 9.2.0 will not allow tranfers of binaries. It will only answer valid requests for name resolution infomration.

2) BIND is DNS DNS is BIND. Two names for the same thing.

I do not believe you need to do anything to the BIND version from software.hp.com to secure it against this kind of attack.

Do you have any evidence that this has been done to your servers?

In the HP-UX security section http://forums1.itrc.hp.com/service/forums/categoryhome.do?categoryId=155 you will see posts by Berlene Herren. She has posted a number of DNS/BIND security warnings in the past month. Following the instructions there will leave you secure.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Reply
Paul Cross_1
Respected Contributor

‎02-16-2004 02:35 AM

‎02-16-2004 02:35 AM

Re: Securing HP-UX DNS

BIND is DNS, but DNS isn't BIND...
0 Kudos
Reply
Steven E. Protter
Exalted Contributor

‎02-16-2004 03:03 AM

‎02-16-2004 03:03 AM

Re: Securing HP-UX DNS

Yes, I realized after my post that you don't need BIND to do DNS. DNS 4.9 was not BIND and Microsoft does it quite nicely without BIND.

Thanks for the correction.

I'm asking HP to move this thread to HP-UX.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.