Bug 454210

Summary: Build Request 9.5.0 Final for F8/F9
Product: [Fedora] Fedora Reporter: Reindl Harald <spam2>
Component: bindAssignee: Adam Tkac <atkac>
Status: CLOSED CURRENTRELEASE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: low Docs Contact:
Priority: low    
Version: 9CC: atkac, ovasik, shrek-m
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: 9.5.0-33.P1.fc9 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2008-07-09 21:45:24 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Reindl Harald 2008-07-06 18:13:59 UTC 
Hi

I have seen that BIND 9.5.0 is final and a build exists for rawhide
It would be nice the get the final also on Fedora 8 / Fedora 9 
There are no problems, but its always fine to have final-versions instead of
release-candidates!

THANK you for a great operating system anyways!
Comment 1 Fedora Update System 2008-07-08 22:55:11 UTC 
bind-9.5.0-33.P1.fc9 has been submitted as an update for Fedora 9
Comment 2 shrek-m 2008-07-09 15:20:10 UTC 
thanks for bind-9.5.0-33.P1.fc9.x86_64
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1447


# service named status | head -1
version: 9.5.0-P1


here is a test from dan kaminsky
http://doxpara.com/  "Check my DNS"


with bind-9.5.0-33.P1.fc9.x86_64

Your name server, at 92.194.26.110, appears vulnerable to DNS Cache
Poisoning.
All requests came from the following source port: 53
Requests seen for 381d4522e342.toorrr.com:
92.194.26.110:53 TXID=9676
92.194.26.110:53 TXID=34357
92.194.26.110:53 TXID=24141
92.194.26.110:53 TXID=17688
92.194.26.110:53 TXID=13472



9.5.0.33-P1 seems to use always port 53,
pdns seems to use random ports as it should be.


with pdns-recursor-3.1.5-1.fc9.x86_64

Your name server, at 92.194.26.110, appears to be safe.
Requests seen for 2d4735efa430.toorrr.com:
92.194.26.110:48369 TXID=44592
92.194.26.110:63213 TXID=38931
92.194.26.110:26619 TXID=15104
92.194.26.110:8520 TXID=21689
92.194.26.110:6257 TXID=59912
Comment 3 shrek-m 2008-07-09 16:00:19 UTC 
oops,
my named.conf is really old,
the named.conf.rpmnew is from 2007-06-14


without query-source all is ok.

# grep source  /etc/named.conf--old_always-source-port-53
	query-source    port 53;	
	query-source-v6 port 53;
Comment 4 Fedora Update System 2008-07-09 21:45:13 UTC 
bind-9.5.0-33.P1.fc9 has been pushed to the Fedora 9 stable repository.  If problems still persist, please make note of it in this bug report.