Bug 104705 - Delegation-only patch for bind
Summary: Delegation-only patch for bind
Keywords:
Status: CLOSED RAWHIDE
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: bind
Version: 7.3
Hardware: All
OS: Linux
high
medium
Target Milestone: ---
Assignee: Daniel Walsh
QA Contact: Ben Levenson
URL: http://www.isc.org/products/BIND/dele...
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2003-09-19 14:12 UTC by Need Real Name
Modified: 2007-03-27 04:09 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2003-09-24 13:52:07 UTC
Embargoed:


Attachments (Terms of Use)

Description Need Real Name 2003-09-19 14:12:18 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.4b) Gecko/20030516
Mozilla Firebird/0.6

Description of problem:
Please see Bug #104569
Please consult media for reports on verisign mis-handling .com / .net wildcards.
Please consider the effects on email systems / spam blocking / security.
Please include delegation patch in update to RH7.3 (or ALL) bind packages.

Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
1. Use non-patched bind
2. Permits wildcard lookup 
3. BAD BAD BAD - please add patch
    

Additional info:

Comment 1 Dean K. Gibson 2003-09-21 00:42:52 UTC
I agree.  While technically not a bug, this fix is required for security 
features in other products to function properly;  eg, Sendmail and Postfix.  
Plus, having the fix available on RedHat would encourage wide adoption, which 
in turn would nullify the effects of VeriSign's "hijacking" of the purposes and 
RFC functions of the root servers.

The second BIND patch for this issue has been released.  I can understand if 
you want to wait a day or two for the dust to settle (the first patch has minor 
issues), but at least make some sort of announcement that a new RPM will be 
forthcoming.


Comment 2 Chris Stankaitis 2003-09-24 13:31:06 UTC
Please add this patch to give RH users running bind the ability to block out
VeriSign SiteFinder.

RedHat seems to be laging behind in their response to this issue, it's a serious
concern to many System Admins and should be addressed with a new RPM patch ASAP.

Comment 3 Daniel Walsh 2003-09-24 13:52:07 UTC
The patch is available on RawHide bind-9.2.2-23

Dan


Comment 4 Dean K. Gibson 2003-09-24 15:47:34 UTC
No one who is following the ISC BIND9 list will want Bind-9.2.2-23, which only 
contains the first ISC patch and is defective and creates problems.  ISC's -P4 
patch is apparently stable, and should be built & released as an RPM.



Note You need to log in before you can comment on or make changes to this bug.