[prev in list] [next in list] [prev in thread] [next in thread]
List: openbsd-ports
Subject: Re: Bind 8.2.2-P7 dies
From: Kai Gallasch <kai.gallasch () ruhr-uni-bochum ! de>
Date: 2001-02-26 17:28:16
[Download RAW message or body]
On 26-Feb-2001 Rickie Kerndt wrote:
>>What you're probably seing is a query for the bind version. Then, because
>>you're running 8.2.2 and advertising "hack me", you're probably getting hit
>>with buffer overflow code that's crashing your name server.
>
> Using binds access control features would help. I see bind version
> queries on a regular basis but these are refused by my access
> controls. No one has crashed named yet.I've set to allow recursive
> queries only from the local network and then allow queries from
> outside only for authoritive zones I wish to make public.
Good idea. I didn't think about blocking query-type "bind version" by
ACLs. :) I only use restrictions concerning *XFR of my zones...
Maybe this will buy me a little time.
It's always the same. Some stupid people crash services and it will
only lead to tighter usage policies. I really didn't bother somebody
stealing a few bytes querying my nameservers - but maybe I have to
reconsider this..
-K.
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic