Re: weaknesses in dns label decoding,

From: Brett Glass (brettat_private)
Date: Thu Jun 03 1999 - 05:20:41 PDT

Next message: Darren J Moffat - Enterprise Services OS Product Support Group: "Re: Solaris 7/SPARC and sdtcm_convert."

Previous message: Matt Wilson: "[SECURITY] New kernel packages available"
Next in thread: markaat_private: "Re: weaknesses in dns label decoding,"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Many sysadmins disable BIND's "check-names" option because
their less knowledgeable colleagues assign illegal names. In
particular, many use underscores in system names, even though
they're verboten.

BIND *should* have a separate option that allows underscores
in names to accommodate this frequent glitch, but it doesn't.
So, the checking becomes all-or-nothing.

--Brett

At 11:00 PM 6/2/99 +0200, Pavel Kankovsky wrote:
>On Mon, 31 May 1999, bobk wrote:
>
> > Another thing to remember is that it is possible to put ABSOLUTELY
> > ANYTHING inside a DNS domain name. This includes whitespace, control
> > characters, and even NULL.
>
>Use BIND's check-names option to refuse illegal answers.
>
>--Pavel Kankovsky aka Peak  [ Boycott Microsoft--http://www.vcnet.com/bms ]
>"NSA GCHQ KGB CIA nuclear conspiration war weapon spy agent... Hi Echelon!"

Next message: Darren J Moffat - Enterprise Services OS Product Support Group: "Re: Solaris 7/SPARC and sdtcm_convert."
Previous message: Matt Wilson: "[SECURITY] New kernel packages available"
Next in thread: markaat_private: "Re: weaknesses in dns label decoding,"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:48:06 PDT