Bug 105036

Summary: domain hijacking prevention fix of ISC
Product: [Retired] Red Hat Linux Reporter: Hugo van der Kooij <hugo>
Component: bindAssignee: Daniel Walsh <dwalsh>
Status: CLOSED NOTABUG QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: 8.0Keywords: FutureFeature
Target Milestone: ---   
Target Release: ---   
Hardware: i386   
OS: Linux   
URL: http://www.isc.org/products/BIND/delegation-only.html
Whiteboard:
Fixed In Version: Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2003-09-25 13:05:48 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Hugo van der Kooij 2003-09-24 20:30:16 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; nl-NL; rv:1.4) Gecko/20030906

Description of problem:
ISC security fix for Veri$ign domain hijacking needs to be implemented in
standard available versions of bind.

Version-Release number of selected component (if applicable):
bind-9.2.1-9

How reproducible:
Always

Steps to Reproduce:
Fix not implemented in currrent version.

Tried to add:

options {
     root-delegation-only exclude { "cc"; "de"; "lv"; "museum"; "org"; "us"; };
};


Actual Results:  jfsdklglkfsdjglkfjsdlgsdf.com still pointed to Veri$ign hijacking.

Expected Results:  host not found

Comment 1 Hugo van der Kooij 2003-09-24 20:35:19 UTC
Sep 24 22:34:36 gandalf named[13434]: loading configuration from '/etc/named.conf'
Sep 24 22:34:37 gandalf named[13434]: /etc/named.conf:23: unknown option
'root-delegation-only'
Sep 24 22:34:37 gandalf named[13434]: loading configuration: failure
Sep 24 22:34:37 gandalf named[13434]: exiting (due to fatal error)

Comment 2 Daniel Walsh 2003-09-25 13:05:48 UTC
root-delegation-only is only in the beta kit for 9.2.3-rc4.  We will update to
this package when it is released.

Dan

Comment 3 Bishop Clark 2004-02-29 13:24:32 UTC
http://www.nmt.edu/ftp/isc/bind9/9.2.3/

Dan,

It's no longer beta, if I'm reading this right.

Where's the promised update?  Anything in the works?  The 923 I'm
seeing suggests it's been out for 3 months.  Can we reopen this bug
yet?  8-)