Profile

Cover photo
Internet Systems Consortium
162 followers|27,865 views
AboutPostsPhotosYouTube

Stream

1
Add a comment...
 
We have just published a BIND security vulnerability, CVE-2015-5477: An error in handling TKEY queries can cause named to exit with a REQUIRE assertion failure.  The official CVE announcement is here: https://kb.isc.org/article/AA-01272

This impacts both Resolvers and Authoritative servers, from 9.1.0 onwards.  Patch releases are posted for BIND 9.9.7 and 9.10.2. 

Found by Jonathan Foote, using the American Fuzzy Lop tool.  
american fuzzy lop (1.84b). American fuzzy lop is a security-oriented fuzzer that employs a novel type of compile-time instrumentation and genetic algorithms to automatically discover clean, interesting test cases that trigger new internal states in the targeted binary.
2
1
Add a comment...
 
This is being shared on some IETF mailing lists. Özgür Uçkan, a strong proponent of Digital freedom, anti-censorship, died on July 10th.  http://globalvoicesonline.org/2015/07/12/r-i-p-ozgur-uckan-netizens-of-turkey-lose-one-of-their-best/
Dr. Özgür Uçkan, a leading light in the battle for Internet freedom in Turkey, died on July 10, 2015.
1
Add a comment...
 
Facebook is using our new Kea DHCP server successfully in their datacenter. The engineer who did the integration explains his motivation, and the impact of the project, below.

If you have successfully used any of ISC's open source for a significant project in your organization, and you think there are lessons of interest to others in your experience, we would love to publish your story. 
1
Add a comment...
 
Come to the IETF meeting in Prague a couple of days early, and participate in the hackathon!  There are multiple interesting projects in both the DNS and DHC working groups. https://www.ietf.org/registration/MeetingWiki/wiki/93hackathon
IETF Hackathon
Sat, July 18, 2015, 9:00 AM GMT+2
Prague

1
Add a comment...
In their circles
1 person
Have them in circles
162 people
Tim Christensen's profile photo
lucer me's profile photo
Dani Ortez's profile photo
Kenneth Dahle's profile photo
Recep Girmiş's profile photo
siew chui's profile photo
Tiago Lira's profile photo
常璨's profile photo
KAVISH JAISWAL's profile photo
 
ISC DHCP 4.3.3b1 and 4.1-ESV-R12b1 are now available for download.

These are the beta versions of ISC DHCP 4.3.3 and 4.1-ESVR12, which are maintenance releases.  Among many other bug fixes, we have included a number of LDAP patches contributed by the community.

Field testing is an important part of our quality process.  We welcome and need our user base to beta test our upcoming releases. Please report bugs to dhcp-bugs@isc.org, and report that you have tried the release, and any general observations, to dhcp-users@lists.isc.org.

Note Well: In the past our process was to release the beta, then
a week later to release a release candidate and then a week after
that to release the final version.  We concluded that this did
not provide users a large enough window to get the beta, test it
and report any bugs back to us.  In addition the release candidate
didn't serve much purpose.  For this release we are changing our
process.  We shall release the beta and then roughly one month
later (currently scheduled for September 1st) release the final
version.  This schedule may be altered depending on what, if any,
bugs are reported during the beta window.

A list of the changes in this release has been appended to the end
of this message.  For a complete list of changes from any previous
release, please consult the RELNOTES file within the source distribution.

https://www.isc.org/downloads/DHCP/
All IP devices need addresses, and ISC DHCP is the easiest and most efficient way to provide them. ISC DHCP is open source software that implements the Dynamic Host Configuration Protocol for connection to an IP network. It is production-grade software that offers a complete solution for ...
1
Add a comment...
 
9.10.3 will include a few new features which have been shown to help mitigate the impact of the pseudo-random domain DDoS on resolvers.
BIND 9.9.8/9.10.3 BETA test begins
Tue, August 4, 2015, 10:00 PM

1
Add a comment...
 
Another great loss, Casper Bowden, a British privacy advocate who campaigned against the UK's key-escrow cryptography policy also passed away last week. 
Caspar Bowden, a leading British privacy advocate most well known for foreshadowing the revelations made by Edward Snowden, died of a fast-spreading skin cancer on Thursday in southern France, where he lived, his wife Sandi announced on Twitter.
1
1
Add a comment...
 
If you are using Google +, possibly you know how to use Google Docs?? If so, we invite you to review and comment on a proposed new BIND feature.

This feature would allow you to add new zones on your slaves by adding new zone information to an existing special zone on the master, that we are calling the Catalog zone.  For administrators with multiple slaves, this could be quite a significant operational improvement, allowing you a scaleable way to add and remove zones on slaves without restarting, or scripting.
Drive
BIND 9.11 Easy Add Zone feature requirementsRevision History Date Version Comment 2015-02-17 2 Distributed for internal comments 2015-04-08 3 2015-05-01 4 Initial version for external comments 2015-07-01 5 Added use cases 2015-07-03 6 Updated use cases 2015-07-03 7 changed the name of the feature - I am open to s
1
1
Add a comment...
 
Participate in the Kea DHCP server Beta Test!
Version 0.92 BETA was posted on June 30th. This version adds statistics, and includes multiple methods for tracking clients, including HW ID for DHCPv6 clients.  We also are now cleaning up expired leases, making this usable for a public wifi application.
kea.isc.org
1
Add a comment...
 
Test your DNS server's level of compliance with the EDNS specification here (http://ednscomp.isc.org/compliance/summary.html) If your DNS server responds badly to new, unknown EDNS options, you could be at risk of losing effective EDNS support. There are several new features coming that use EDNS. 
https://www.isc.org/blogs/partial-edns-compliance-hampers-deployment-of-new-dns-features/
EDNS Compliance Report: 2015-07-09T12:37:35Z. EDNS has been a defined standards track protocol extension to the DNS for 15 years. EDNS support is a node requirement for IPv6 and is a requirement for DNSSEC. We look at the level of nominal EDNS support and at the level of compliance to the ...
1
Add a comment...
People
In their circles
1 person
Have them in circles
162 people
Tim Christensen's profile photo
lucer me's profile photo
Dani Ortez's profile photo
Kenneth Dahle's profile photo
Recep Girmiş's profile photo
siew chui's profile photo
Tiago Lira's profile photo
常璨's profile photo
KAVISH JAISWAL's profile photo
Contact Information
Contact info
Email
Story
Tagline
Developers and maintainers of Critical Internet Infrastructure software and services
Introduction
Developer and distributor of BIND, ISC DHCP and Kea. Operator of F-root, one of 13 Internet root name servers. Network status at status.isc.org