Friday, August 08, 2008 at 2:56 pm by Brady Wilson
Patching BIND for OpenBSD
Recent security research discovered that multiple DNS implementations are vulnerable to cache poisoning. This is a multi-vendor vulnerability outlined at the following links (among many others):
http://secunia.com/cve_reference/CVE-2008-1447
http://www.kb.cert.org/vuls/id/800113
In our DNS infrastructure we separate the recursive query DNS servers from the authoritative DNS servers. We limit recursive queries to our own network ranges. Our internal DNS servers used with Active Directory are blocked at the firewall, allowing no external access. To remain secure, however, we of course updated them all.
All of our production DNS servers run BIND on OpenBSD (4.2 currently), so here is a quick rundown of what we did to patch BIND.
- # cd /usr/src
  # wget ftp://ftp.openbsd.org/pub/OpenBSD/4.2/src.tar.gz
  # tar -xvzf src.tar.gz
- # wget ftp://ftp.openbsd.org/pub/OpenBSD/patches/4.2/common/013_bind.patch
- # more 013_bind.patch
Apply by doing:
- # cd /usr/src
  # patch -p0 < 013_bind.patch
Then rebuild and install bind:
- # cd usr.sbin/bind
  # make -f Makefile.bsd-wrapper obj
  # make -f Makefile.bsd-wrapper
  # make -f Makefile.bsd-wrapper install
- http://www.doxpara.com/
  https://www.dns-oarc.net/oarc/services/dnsentropy
  https://www.dns-oarc.net/oarc/services/porttest
That should do it!
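The test pages linked above check how unpredictable a resolver's query source ports are, which is what the fix for this vulnerability changes. The following added example (not part of the original post) runs a similar check locally over `tcpdump -n` output captured on the recursive server; the addresses, the sample capture lines and both thresholds are constructed assumptions.

```python
import re
import statistics

# tcpdump -n line for an outbound UDP DNS query: "... IP src.sport > dst.53: ..."
QUERY_RE = re.compile(r"IP (\d+\.\d+\.\d+\.\d+)\.(\d+) > \d+\.\d+\.\d+\.\d+\.53:")

def source_ports(lines, resolver_ip):
    """Source ports the resolver used for its outbound queries, in capture order."""
    ports = []
    for line in lines:
        m = QUERY_RE.search(line)
        if m and m.group(1) == resolver_ip:
            ports.append(int(m.group(2)))
    return ports

def assess(ports, min_samples=8, min_stdev=3000):
    """Classify port selection; both thresholds are assumptions for this example."""
    if len(ports) < min_samples:
        return "INSUFFICIENT"          # too few queries to judge
    if len(set(ports)) == 1:
        return "FIXED"                 # one port for every query
    if all(b - a == 1 for a, b in zip(ports, ports[1:])):
        return "SEQUENTIAL"            # next port is trivially predictable
    if statistics.pstdev(ports) < min_stdev:
        return "POOR"                  # ports vary but stay in a narrow band
    return "RANDOMIZED"

def capture(resolver_ip, ports):
    """Build constructed tcpdump-style lines (sample data, not a real capture)."""
    return [
        f"14:56:{i:02d}.000000 IP {resolver_ip}.{p} > 198.51.100.7.53: {4000 + i} A? example.com. (29)"
        for i, p in enumerate(ports)
    ]

RESOLVER = "192.0.2.10"  # documentation address standing in for the recursive server
BEFORE = capture(RESOLVER, [32768] * 10)
AFTER = capture(RESOLVER, [53124, 1987, 40211, 61002, 12873,
                           29455, 7719, 48630, 34102, 18566])

if __name__ == "__main__":
    for label, lines in (("before patch", BEFORE), ("after patch", AFTER)):
        print(label, assess(source_ports(lines, RESOLVER)))
```

A `query-source` statement in named.conf that pins a port will still show up as FIXED on a patched build, as will a NAT device in front of the resolver that rewrites source ports.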