Profile cover photo
Profile photo
Internet Systems Consortium
170 followers -
Developers and maintainers of Critical Internet Infrastructure software and services
Developers and maintainers of Critical Internet Infrastructure software and services

170 followers
About
Internet Systems Consortium's interests
Internet Systems Consortium's posts

Post has attachment
Performance, privacy and resilience - this is why you want a DNS root server nearby.

https://www.isc.org/blogs/why-you-want-a-root-server/

Photo

Post has attachment
Ray Bellis shares some tips on using funopen() [and
Linux equivalent] and how that solves a problem with dns captures.
https://www.isc.org/blogs/efficient-compression-of-packet-captures/

If you are using the DNSCAP (https://www.dns-oarc.net/tools/dnscap) utility from +DNS OARC it might be useful for you.

https://www.isc.org/blogs/efficient-compression-of-packet-captures/

Post has attachment

Post has attachment

Post has attachment

Post has attachment

Post has attachment

Post has attachment
ISC DHCP 4.3.3b1 and 4.1-ESV-R12b1 are now available for download.

These are the beta versions of ISC DHCP 4.3.3 and 4.1-ESVR12, which are maintenance releases.  Among many other bug fixes, we have included a number of LDAP patches contributed by the community.

Field testing is an important part of our quality process.  We welcome and need our user base to beta test our upcoming releases. Please report bugs to dhcp-bugs@isc.org, and report that you have tried the release, and any general observations, to dhcp-users@lists.isc.org.

Note Well: In the past our process was to release the beta, then
a week later to release a release candidate and then a week after
that to release the final version.  We concluded that this did
not provide users a large enough window to get the beta, test it
and report any bugs back to us.  In addition the release candidate
didn't serve much purpose.  For this release we are changing our
process.  We shall release the beta and then roughly one month
later (currently scheduled for September 1st) release the final
version.  This schedule may be altered depending on what, if any,
bugs are reported during the beta window.

A list of the changes in this release has been appended to the end
of this message.  For a complete list of changes from any previous
release, please consult the RELNOTES file within the source distribution.

https://www.isc.org/downloads/DHCP/

Post has attachment
We have just published a BIND security vulnerability, CVE-2015-5477: An error in handling TKEY queries can cause named to exit with a REQUIRE assertion failure.  The official CVE announcement is here: https://kb.isc.org/article/AA-01272

This impacts both Resolvers and Authoritative servers, from 9.1.0 onwards.  Patch releases are posted for BIND 9.9.7 and 9.10.2. 

Found by Jonathan Foote, using the American Fuzzy Lop tool.  

Post has attachment
9.10.3 will include a few new features which have been shown to help mitigate the impact of the pseudo-random domain DDoS on resolvers.
Wait while more posts are being loaded