summaryrefslogtreecommitdiffstats
path: root/contrib/bind/doc/bog/ns.me
diff options
context:
space:
mode:
Diffstat (limited to 'contrib/bind/doc/bog/ns.me')
-rw-r--r--contrib/bind/doc/bog/ns.me39
1 files changed, 4 insertions, 35 deletions
diff --git a/contrib/bind/doc/bog/ns.me b/contrib/bind/doc/bog/ns.me
index b507e94..ec3ca3c 100644
--- a/contrib/bind/doc/bog/ns.me
+++ b/contrib/bind/doc/bog/ns.me
@@ -1,3 +1,5 @@
+.\" ++Copyright++ 1986, 1988
+.\" -
.\" Copyright (c) 1986, 1988
.\" The Regents of the University of California. All rights reserved.
.\"
@@ -46,6 +48,8 @@
.\" PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
.\" ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
.\" SOFTWARE.
+.\" -
+.\" --Copyright--
.\"
.\" @(#)ns.me 6.3 (Berkeley) 9/19/89
.\"
@@ -90,38 +94,3 @@ Berkeley would look as follows:
.)b
The top level domain for educational organizations is EDU;
Berkeley is a subdomain of EDU and monet is the name of the host.
-.sh 1 Security
-.pp
-This section examines some of the know security implications of various
-versions of BIND. Some of these have been used to attack the nameservers
-in the past.
-.sh 2 "Unnecessary Glue"
-.pp
-Unnecessary glue can lead to incorrect records being loaded into the
-server. This can result in connections going to the wrong machines.
-.pp
-To prevent unnecessary glue being loaded, all the servers of zones being
-servered by a server and the servers of the parent zones need to be
-upgraded to BIND 4.9.3 or later.
-.sh 2 "Insertion of data into a zone that is being servered"
-.pp
-BIND versions prior to BIND 4.9.2 are subject to the insertion of
-resource records into zone that they are serving.
-.sh 2 "Denial of Service: Hash Bug Exploit"
-.pp
-September 1996 saw the COM TLD subject to a denial of service attack by
-injecting into the DNS a record with a final label of COM, eight spaces
-and COM. This effected BIND 4.9.4 servers. Similar attacks are possible
-on BIND 4.9.3 and BIND 4.9.3-P1.
-.pp
-It is recommend that you run a BIND 4.9.4-P1 or later server to avoid
-this exploit.
-.sh 2 "Denial of Service: TTL Inconsistency Attacks"
-.pp
-If you are still using multiple TTL values within a RRset you can be
-subject to a denial of service attack. BIND 4.9.5 onwards uses multiple
-ttl values within a RRset to reject obviously bad RRset.
-.pp
-It is recommend that you upgrade to BIND 4.9.5 or later as these server
-prevent you loading multiple TTL values and doesn't merge answers received
-across the network.
OpenPOWER on IntegriCloud