DNS security patch
Hi, running NW65SP7. I see since Aug 8th (TID#5032400) the security patch for the popular DNS issues has now been posted. What I'm wondering about is it necessary to post this to your server if your DNS is only used for internal queries? That is the DNS cannot be queried from outside the firewall? If not needed when an internal DNS only, then I won't bother installing and risking my environment, since there's no other fix mentioned in the release. Cheers James Jjb, > That is the DNS cannot be queried from outside the > firewall? Do you trust t...

DNS? What DNS?
This has never happened before and in light light of this morning's news about the DDOS I was wondering if it is just my machine or if something else is going on. Background: A firewall on one of my machines blocked IE from getting to the net. I wanted to trace where it was planning to go to (207.188.24.150)to figure out if this was just XP again or something else. I tried Neo Trace and PC Helps "Net Tracer" but neither can track it. All I get is "undetermined" or "timed out" Robin In article <3DB714A2.7050902@twcny.rr.com>, omeru...

Securing DNS.
Can anyone tell me what's the best way to lock down DNS so that it doesn't send out root hints ? Just moved our DNS and now it's responding to such queries. Is this something I can do with a query filter ?! Thanks. -- neiljt1 ------------------------------------------------------------------------ neiljt1, It appears that in the past few days you have not received a response to your posting. That concerns us, and has triggered this automated reply. Has your problem been resolved? If not, you might try one of the following options: - Visit http...

DNS SECURITY ALGORITHM NUMBERS DNS KEY and SIG RRs
DNS SECURITY ALGORITHM NUMBERS DNS KEY and SIG RRs [RFC2535] use an 8-bit number used to identify the security algorithm being used: Number DescriptionReference --------- ------------------------------ --------- 0 Reserved 1 RSA/MD5 [RFC2537,RFC1321] deprecated, see 5 2 Diffie-Hellman [RFC2539] 3 DSA/SHA1 [RFC2536,DSA,SHA-1] 4 Reserved for Elliptic Curve Crypto 5 RSA/SHA-1 [RFC3110] 6 - 251 Reserved by the IANA 252 ...

Securing DNS
Any thoughts on protecting DNS queries from prying eyes? I already have two servers running ISC BIND 9.9.4 setup to do DNSSEC validation and recursive. I do not have set to forward either so the servers queries the root servers. I never use my ISP's DNS servers as I see it as a privacy concern. I know the DNS queries are UDP unecrypted. Is there anyway to encrypt the DNS traffic between my DNS servers and root servers? With all this talk about HTTPS PFS and secure VPN's......what about DNS and DNSSEC? How can we protect ourselves from tampered DNS queries and in...

Secure DNS?
I just read an article about secure dns, being called DNSSEC. (www.dnssec.net) Does Novell's DNS server support this new feature? Thanks, Cheryl Cheryl Fischer Network / Email Administrator Horizon Bank Cheryl, It appears that in the past few days you have not received a response to your posting. That concerns us, and has triggered this automated reply. Has your problem been resolved? If not, you might try one of the following options: - Do a search of our knowledgebase at http://support.novell.com/search/kb_index.jsp - Check all of the other support tools a...

security too secure
Name: joe Product: Firefox Summary: security too secure Comments: The security thing won't let me in this sight no matter how I accept, confirm, get certificate, etc. https://www.vtext.com/customer_site/jsp/messaging_lo.jsp Browser Details: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.4; en-GB; rv:1.9.1b4) Gecko/20090423 Firefox/3.5b4 From URL: http://hendrix.mozilla.org/ Note to readers: Hendrix gives no expectation of a response to this feedback but if you wish to provide one you must BCC (not CC) the sender for them to see it. ...

when is secure, secure?
Lo everyone, I wrote a custom authentication handler for PureFTPD, using a combination of authentication methods, for about 4 different types of users. So far, from testing it, it does look to work properly, and does it's job pretty well (and fast). I use #!/usr/bin/perl -W as well as use Strict, and use warnings, and the code returns no errors or warnings when run. I am right to presume that this basically only really tells me the my syntax and structure of the application is right? What's a good way to see whether it is actually SECURE... There is a couple of lines of...

Security and DNS
--____FIVYRACBLJROFPKWMWQS____ Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: quoted-printable Hi all: We're running DNS on Netware 6.5 SP2 as a clustered resource. It is = working very well (thanks for asking!) We have been running through our year end security self audit and I have = been tweaking our DNS setup up.=20 What I have done is this: Each client on LAN: gets 2 DNS entries. One local DNS server and one at a = remote office (both Netware). Offices are interconnected by private lines = so this process is all behind the firewall. Each...

DNS UP
Hi We are running 2 BM (3.8) Proxies and until today they have been operating reasonably well. Today we have started getting a lot of 504 errors on workstations using either both servers, looking at the proxy DNS page (on both servers) the DNS links are continually going up and down (like our internet) We have 3 DNS servers entered 2 external and 1 internal. I have tested from outside the BM Servers $and know the 2 external DNS servers are working fine (also no one else who use our provider have an issue). The internal DNS also seems fime. We have not made any changes to th...

How secure is secure?
Thanks to this group and all the high tech individuals who frequent it I have learned how to protect my PC from the inside out. But what about security risks to my info 'before' it gets to my computer? Like my mail box on the server. Could someone hack into that and thumb through my mail? If so, how would I ever know? (The short story) We have a rogue employee at my work who one day decided to run the web site, she got in tight with the ISP, got tools to set and delete passwords on a protected directory on the server. Who knows if she has telnet access to other things, li...

DNS question re: my ISP's static DNS
I just got a broadband connection last week through a wireless internet provider. All went well at first, but last night began experiencing many interrupted sessions, couldn't resolve host name was the issue. Router is properly configured with my static IP, and the first, second, and third DNS addresses supplied by the ISP. No problem to ping the router, but could not get out to the WAN at all. Finally got to the point early this afternoon that I had no ability to resolve a name at all. Rebooted radio-modem, router, computer tonight, still no success. Finally I swapped the 3rd...

Question about DNS about DNS over VPN
Hi, we have got a problem (probabliy we misunderstood something) with the VPN - Client. When I login with the VPN-Client, where can I set the DNS-Context (Search Context) which will be passed to the Client? I can not find any settings at the VPN Definitions. Thanks in advance Reg. Thomas Thomas, It appears that in the past few days you have not received a response to your posting. That concerns us, and has triggered this automated reply. Has your problem been resolved? If not, you might try one of the following options: - Do a search of our knowledgebase at http...

Comodo Secure DNS
http://www.comodo.com/secure-dns/ Looks interesting? Perhaps it could be added to DNS Benchmark? DNS Nameserver Spoofability Test passes with flying colors.. Comodo Secure DNS is a domain name resolution service that resolves your DNS requests through our worldwide network of redundant DNS servers. This can provide a much faster and more reliable Internet browsing experience than using the DNS servers provided by your ISP and does not require any hardware or software installation. Comodo Secure DNS gives you a safer, smarter and faster Internet because it's: More R...