Hi,

I have a Centos 4.6 machine that, even though it has been updated with the latest bind 9.2.4-28.0.1.el4, is marked as vulnerable by https://www.dns-oarc.net/oarc/services/dnsentropy.

I have another machine which also uses that same distro and is not.

Do I have to do any other update?

on 7-30-2008 11:08 AM mbneto spake the following:
> Hi,
>
> I have a Centos 4.6 machine that, even though it has been updated with the
> latest bind 9.2.4-28.0.1.el4, is marked as vulnerable by
> https://www.dns-oarc.net/oarc/services/dnsentropy.
>
> I have another machine which also uses that same distro and is not.
>
> Do I have to do any other update?
>

Do you have a "query-source address * port" set in your named.conf? If so, you need to remove it to pass most tests.

--
MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!!

mbneto wrote:
> Hi,
>
> I have a Centos 4.6 machine that, even though it has been updated with the
> latest bind 9.2.4-28.0.1.el4, is marked as vulnerable by
> https://www.dns-oarc.net/oarc/services/dnsentropy.
>
> I have another machine which also uses that same distro and is not.
>
> Do I have to do any other update?
>

Are those boxes directly handling your DNS requests to the internet for you - i.e. their IPs show up in the test results as the DNS Resolvers?

If yes, probably your named.conf would need to be looked at in the problem box.

More likely, it's your nameserver in your resolv.conf or the nameserver of your nameserver that the test site is talking to. You have to bug whoever runs those boxes about the problem.

--
Toby Bluhm
Alltech Medical Systems America, Inc.

At 02:08 PM 7/30/2008, you wrote:
> Hi,
>
> I have a Centos 4.6 machine that, even though it has been updated with
> the latest bind 9.2.4-28.0.1.el4, is marked as vulnerable by
> https://www.dns-oarc.net/oarc/services/dnsentropy.
>
> I have another machine which also uses that same distro and is not.
>
> Do I have to do any other update?
>

Hello,

Big discussion on this group two weeks ago. Most likely, your problem is this line in /etc/named.conf:

    query-source address * port 53;

Remove that and retest. However, be forewarned that it could cause problems with restarting named, in which case, do not delete the line, just comment it, then uncomment if you get into trouble and reconsult the archives. That problem was resolved late week before last or early last week too.

If you want some better advice, post your errors.

Cheers,
Glenn
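The named.conf check suggested in the replies above, as an added example that is not part of the original thread: a Python script that reports active `query-source` (and `query-source-v6`) statements pinning a numeric source port, while ignoring copies that have been commented out in any of BIND's three comment styles. The sample configuration, function names and command-line usage are constructed for illustration.

```python
import re
import sys

# Constructed sample named.conf (not from the thread): one active fixed-port
# statement plus three commented-out copies, one per BIND comment style.
SAMPLE_CONF = """\
options {
    directory "/var/named";
    // query-source address * port 53;
    # query-source address * port 53;
    /* query-source address * port 53; */
    query-source address * port 53;
    query-source-v6 address * port *;
};
"""

# Quoted strings are matched first so "//" or "#" inside them is not a comment.
_COMMENT_OR_STRING = re.compile(r'"(?:\\.|[^"\\])*"|/\*.*?\*/|//[^\n]*|#[^\n]*', re.S)
_QUERY_SOURCE = re.compile(r'\b(query-source(?:-v6)?)(?![-\w])([^;]*);')
_FIXED_PORT = re.compile(r'\bport\s+(\d+)\b')


def strip_comments(text):
    """Blank out /* */, // and # comments; keep quoted strings untouched."""
    def keep_strings(match):
        token = match.group(0)
        return token if token.startswith('"') else " "
    return _COMMENT_OR_STRING.sub(keep_strings, text)


def fixed_query_source_ports(text):
    """Return (statement, port) for each active statement with a numeric port."""
    findings = []
    for stmt in _QUERY_SOURCE.finditer(strip_comments(text)):
        port = _FIXED_PORT.search(stmt.group(2))
        if port:  # "port *" or no port clause leaves the choice to named
            findings.append((stmt.group(1), int(port.group(1))))
    return findings


if __name__ == "__main__":
    # Hypothetical usage: pass the path to named.conf, else scan the sample.
    conf = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_CONF
    for name, port in fixed_query_source_ports(conf):
        print(f"{name} pins outgoing queries to source port {port}")
```

An empty result only covers the file that was scanned; as noted in the thread, the resolver the test site actually sees may be a different nameserver.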