DNS security patch - for internal DNS?

Hi, running NW65SP7.  I see since Aug 8th (TID#5032400) the security patch 
for the popular DNS issues has now been posted.  What I'm wondering about is 
it necessary to post this to your server if your DNS is only used for 
internal queries?  That is the DNS cannot be queried from outside the 
firewall?

If not needed when an internal DNS only, then I won't bother installing and 
risking my environment, since there's no other fix mentioned in the release.

Cheers
James 


0
JJB
8/22/2008 4:25:26 PM
novell.netware.dns-dhcp

Jjb,
> That is the DNS cannot be queried from outside the 
> firewall?

Do you trust the people inside your firewall 100%? Majority of attacks 
are from the inside, you know.

- Anders Gustafsson  (Sysop)
  The Aaland Islands (N60 E20)

  Discover the new Novell forums at http://forums.novell.com

Novell does not monitor these forums officially.
Enhancement requests for all Novell products may be made at
http://support.novell.com/enhancement

0
Anders
8/22/2008 4:45:52 PM
This is from an email from a friend:

"
http://www.unixwiz.net/techtips/iguide-kaminsky-dns-vuln.html#packet

In particular, check out the following two items from the Summary section at 
the bottom:

* A nameserver need not be directly visible to the Internet to be 
exploitable. By convincing a user to visit a particular web page, it can 
trigger a chain of events that reliably lead to poisoning.

* Even patched servers may still be vulnerable if an intervening firewall 
performs Port Address Translation in a way that un-randomizes the source 
ports.

"JJB" <103REMOVE-THIS267.1555@compuserve.com> wrote in message 
news:WLBrk.214$gS5.76@kovat.provo.novell.com...
> Hi, running NW65SP7.  I see since Aug 8th (TID#5032400) the security patch 
> for the popular DNS issues has now been posted.  What I'm wondering about 
> is it necessary to post this to your server if your DNS is only used for 
> internal queries?  That is the DNS cannot be queried from outside the 
> firewall?
>
> If not needed when an internal DNS only, then I won't bother installing 
> and risking my environment, since there's no other fix mentioned in the 
> release.
>
> Cheers
> James
> 


0
Craig
8/22/2008 10:11:32 PM
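
The second point quoted above (a firewall doing Port Address Translation can un-randomize a patched resolver's source ports) can be checked by comparing the source ports of the same outbound queries captured on each side of the firewall. This is an added example, not part of the thread or of any Novell tool; the port lists are constructed samples and the thresholds are illustrative assumptions.

```python
import statistics

# Constructed samples: UDP source ports of the same 12 outbound resolver
# queries, captured on the LAN side and on the Internet side of the firewall.
INSIDE = [49152, 3017, 61022, 12890, 33451, 8123,
          57001, 20444, 40310, 1999, 64500, 27618]
OUTSIDE = [1024 + i for i in range(12)]  # PAT handed out ports in order

MIN_SAMPLES = 10      # assumption: fewer samples say little
SMALL_STEP = 16       # assumption: step size treated as "incrementing"
NARROW_STDEV = 3000   # assumption: illustrative cut-off, not a standard


def assess_source_ports(ports):
    """Classify how predictable a sequence of query source ports is."""
    if len(ports) < MIN_SAMPLES:
        raise ValueError("need at least %d samples" % MIN_SAMPLES)
    deltas = [(b - a) % 65536 for a, b in zip(ports, ports[1:])]
    stepping = sum(1 for d in deltas if 0 < d <= SMALL_STEP) / len(deltas)
    stdev = statistics.pstdev(ports)
    if len(set(ports)) == 1:
        verdict = "FIXED"        # only the 16-bit query ID is left to vary
    elif stepping >= 0.8:
        verdict = "SEQUENTIAL"   # next port is predictable from the last
    elif stdev < NARROW_STDEV:
        verdict = "NARROW"       # varies, but inside a small window
    else:
        verdict = "RANDOMIZED"
    return {"verdict": verdict, "unique": len(set(ports)),
            "stdev": round(stdev, 1), "stepping": round(stepping, 2)}


def pat_undoes_randomization(inside, outside):
    """True when the resolver randomizes but the translated ports do not."""
    return (assess_source_ports(inside)["verdict"] == "RANDOMIZED"
            and assess_source_ports(outside)["verdict"] != "RANDOMIZED")


if __name__ == "__main__":
    print("inside :", assess_source_ports(INSIDE))
    print("outside:", assess_source_ports(OUTSIDE))
    print("PAT un-randomizes ports:", pat_undoes_randomization(INSIDE, OUTSIDE))
```
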
So better safe than sorry you're saying...  got it.

Ciao
James

"Anders Gustafsson" <AndersG@no-mx.forums.novell.com> wrote in message 
news:VA.0000363c.002bf7bc@no-mx.forums.novell.com...
> Jjb,
>> That is the DNS cannot be queried from outside the
>> firewall?
>
> Do you trust the people inside your firewall 100%? Majority of attacks
> are from the inside, you know.
>
> - Anders Gustafsson  (Sysop)
>  The Aaland Islands (N60 E20)
>
>  Discover the new Novell forums at http://forums.novell.com
>
> Novell does not monitor these forums officially.
> Enhancement requests for all Novell products may be made at
> http://support.novell.com/enhancement
> 


0
JJB
8/22/2008 10:29:49 PM
Thanks for the info

"Craig" <tech@no-spam-novoco.com> wrote in message 
news:oQGrk.439$gS5.222@kovat.provo.novell.com...
> This is from an email from a friend:
>
> "
> http://www.unixwiz.net/techtips/iguide-kaminsky-dns-vuln.html#packet
>
> In particular, check out the following two items from the Summary section 
> at the bottom:
>
> * A nameserver need not be directly visible to the Internet to be 
> exploitable. By convincing a user to visit a particular web page, it can 
> trigger a chain of events that reliably lead to poisoning.
>
> * Even patched servers may still be vulnerable if an intervening firewall 
> performs Port Address Translation in a way that un-randomizes the source 
> ports.
>
> "JJB" <103REMOVE-THIS267.1555@compuserve.com> wrote in message 
> news:WLBrk.214$gS5.76@kovat.provo.novell.com...
>> Hi, running NW65SP7.  I see since Aug 8th (TID#5032400) the security 
>> patch for the popular DNS issues has now been posted.  What I'm wondering 
>> about is it necessary to post this to your server if your DNS is only 
>> used for internal queries?  That is the DNS cannot be queried from 
>> outside the firewall?
>>
>> If not needed when an internal DNS only, then I won't bother installing 
>> and risking my environment, since there's no other fix mentioned in the 
>> release.
>>
>> Cheers
>> James
>>
>
> 


0
JJB
8/22/2008 10:30:00 PM