Report information

The Basics
Id: 45231
Status: new
Priority: Medium/Medium
Queue:

People
Owner: Nobody in particular
Cc:
AdminCc:

BugTracker
Version Fixed: (no value)
Version Found: (no value)
Versions Affected: (no value)
Versions Planned: (no value)
Priority: (no value)
Severity: (no value)
CVSS Score: (no value)
CVE ID: (no value)
Component: (no value)
Area: feature

Dates
Created: Mon, 15 May 2017 08:56:55 -0400
Updated: Tue, 25 Jul 2017 11:35:28 -0400
Closed: Not set




Subject: Security of dynamic updates
Date: Mon, 15 May 2017 14:56:48 +0200
To: bind-suggest@isc.org
From: "Ray Bellis" <ray@isc.org>
Just a straw-man proposal, prompted by what we've just seen at DNS-OARC.

<https://indico.dns-oarc.net/event/26/session/4/contribution/19/material/slides/0.pdf>

I suggest that BIND should default to permitting only TCP transport for dynamic updates that are only controlled by an IP ACL, unless deliberately configured otherwise by the administrator.

Ray