[CentOS] BInd Problem or Update SSL ?

Fri Feb 18 23:41:27 UTC 2011
James Hogarth <james.hogarth at gmail.com>

>
> I think I do; he's an ISP, and apparently someone inside his address block (the CIDR notation /19; his actual block is publicly found by doing a quick nslookup of his domain name, noting the IP address of the DNS server(s) listed, and then a whois of the IP address of the DNS server(s).  His /19 shows up) has hacked in some way the zone file(s) or the cache for his nameserver so that his customers, who would ordinarily use his DNS server as their recursive resolver, now see www.yahoo.com (among who knows what others) as pointing to a different address, the one inside his /19 (which I hope he has tracked and duly removed in grand Texas style), for the purpose of phishing.
>
> Now whether this was done by actually hacking into his DNS server or by a cache poisoning attack or what, I don't know since those details Larry hasn't made public.  And that's ok.

That's what I assumed; however, given the vagueness, I wasn't sure.

At this time I'm unaware of any attacks on BIND within current CentOS
5, if it is a properly configured system (SELinux enabled, bind chroot,
iptables in place, etc.), that would allow someone to mess with his zone
files or other parts of BIND.

As such, if there is such a critical vulnerability, it would be nice to
get details... especially how he is so intent on blaming Red Hat and
BIND... on the other hand, if he has misconfigured systems, it's his
own fault and he should stop blaming Red Hat/CentOS.

If he is willing to discuss the details, great!

If he is not, I would strongly suggest he stop spamming the mailing
lists with nonsense.

James