Profile

Cover photo
Internet Systems Consortium
154 followers|24,848 views
AboutPostsPhotosYouTube

Stream

 
We have just published a BIND security vulnerability, CVE-2015-5477: An error in handling TKEY queries can cause named to exit with a REQUIRE assertion failure.  The official CVE announcement is here: https://kb.isc.org/article/AA-01272

This impacts both Resolvers and Authoritative servers, from 9.1.0 onwards.  Patch releases are posted for BIND 9.9.7 and 9.10.2. 

Found by Jonathan Foote, using the American Fuzzy Lop tool.  
american fuzzy lop (1.84b). American fuzzy lop is a security-oriented fuzzer that employs a novel type of compile-time instrumentation and genetic algorithms to automatically discover clean, interesting test cases that trigger new internal states in the targeted binary.
1
1
MAR matusita's profile photo
Add a comment...
 
This is being shared on some IETF mailing lists. Özgür Uçkan, a strong proponent of Digital freedom, anti-censorship, died on July 10th.  http://globalvoicesonline.org/2015/07/12/r-i-p-ozgur-uckan-netizens-of-turkey-lose-one-of-their-best/
Dr. Özgür Uçkan, a leading light in the battle for Internet freedom in Turkey, died on July 10, 2015.
1
Add a comment...
 
Facebook is using our new Kea DHCP server successfully in their datacenter. The engineer who did the integration explains his motivation, and the impact of the project, below.

If you have successfully used any of ISC's open source for a significant project in your organization, and you think there are lessons of interest to others in your experience, we would love to publish your story. 
1
Add a comment...
 
Come to the IETF meeting in Prague a couple of days early, and participate in the hackathon!  There are multiple interesting projects in both the DNS and DHC working groups. https://www.ietf.org/registration/MeetingWiki/wiki/93hackathon
IETF Hackathon
Sat, July 18, 9:00 AM GMT+2
Prague

1
Add a comment...
 
Kea 0.92 Release
Yesterday, July 28, 10:00 PM

1
Internet Systems Consortium's profile photo
 
The Kea release is posted!  Please download it and give it a spin. We have added some management features with this release, logging and diagnostics to aid in managing a production environment.
https://kb.isc.org/article/AA-01277/211/Kea-0.9.2-Release-Notes.html
Add a comment...
In their circles
1 person
Have them in circles
154 people
Bonano Js's profile photo
Chris Crawford's profile photo
Stephen Miller's profile photo
Mithulesh Medhi's profile photo
rasheed azazi's profile photo
Anabell martinez gonzalea's profile photo
Mirek Hankus's profile photo
Mark Lands's profile photo
Dmitry Goloshubov's profile photo
 
9.10.3 will include a few new features which have been shown to help mitigate the impact of the pseudo-random domain DDoS on resolvers.
BIND 9.9.8/9.10.3 BETA test begins
Tue, August 4, 10:00 PM

1
Add a comment...
 
Another great loss, Casper Bowden, a British privacy advocate who campaigned against the UK's key-escrow cryptography policy also passed away last week. 
Caspar Bowden, a leading British privacy advocate most well known for foreshadowing the revelations made by Edward Snowden, died of a fast-spreading skin cancer on Thursday in southern France, where he lived, his wife Sandi announced on Twitter.
1
1
Retnan Daser's profile photo
Add a comment...
 
If you are using Google +, possibly you know how to use Google Docs?? If so, we invite you to review and comment on a proposed new BIND feature.

This feature would allow you to add new zones on your slaves by adding new zone information to an existing special zone on the master, that we are calling the Catalog zone.  For administrators with multiple slaves, this could be quite a significant operational improvement, allowing you a scaleable way to add and remove zones on slaves without restarting, or scripting.
Drive
BIND 9.11 Easy Add Zone feature requirementsRevision History Date Version Comment 2015-02-17 2 Distributed for internal comments 2015-04-08 3 2015-05-01 4 Initial version for external comments 2015-07-01 5 Added use cases 2015-07-03 6 Updated use cases 2015-07-03 7 changed the name of the feature - I am open to s
1
1
KG PEMASIRI's profile photo
Add a comment...
 
Participate in the Kea DHCP server Beta Test!
Version 0.92 BETA was posted on June 30th. This version adds statistics, and includes multiple methods for tracking clients, including HW ID for DHCPv6 clients.  We also are now cleaning up expired leases, making this usable for a public wifi application.
kea.isc.org
1
Add a comment...
 
Test your DNS server's level of compliance with the EDNS specification here (http://ednscomp.isc.org/compliance/summary.html) If your DNS server responds badly to new, unknown EDNS options, you could be at risk of losing effective EDNS support. There are several new features coming that use EDNS. 
https://www.isc.org/blogs/partial-edns-compliance-hampers-deployment-of-new-dns-features/
EDNS Compliance Report: 2015-07-09T12:37:35Z. EDNS has been a defined standards track protocol extension to the DNS for 15 years. EDNS support is a node requirement for IPv6 and is a requirement for DNSSEC. We look at the level of nominal EDNS support and at the level of compliance to the ...
1
Add a comment...
 
ISC DHCP 4.3.3 Release
Tue, September 1, 7:00 PM PDT
Redwood City

1
Add a comment...
People
In their circles
1 person
Have them in circles
154 people
Bonano Js's profile photo
Chris Crawford's profile photo
Stephen Miller's profile photo
Mithulesh Medhi's profile photo
rasheed azazi's profile photo
Anabell martinez gonzalea's profile photo
Mirek Hankus's profile photo
Mark Lands's profile photo
Dmitry Goloshubov's profile photo
Contact Information
Contact info
Email
Story
Tagline
Developers and maintainers of Critical Internet Infrastructure software and services
Introduction
Developer and distributor of BIND, ISC DHCP and Kea. Operator of F-root, one of 13 Internet root name servers. Network status at status.isc.org