This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Astaro vulnerable to current DNS security hole?

As the DNS-checker on http://doxpara.com shows our 7.201 as possibly vulnerable to the global DNS security problem known since yesterday, I'm wondering if the DNS resolver cache on ASG can by compromised remotely by wrong entries (cache poisoning).

Is there an official comment by Astaro to this problem?

Massive, Coordinated Patch To the DNS Released
Tuesday July 08, @03:12PM
http://it.slashdot.org/it/08/07/08/195225.shtml

This thread was automatically locked due to age.

0 Jayson over 17 years ago

As the DNS-checker on http://doxpara.com shows our 7.201 as possibly vulnerable to the global DNS security problem known since yesterday, I'm wondering if the DNS resolver cache on ASG can by compromised remotely by wrong entries (cache poisoning).

Is there an official comment by Astaro to this problem?

Massive, Coordinated Patch To the DNS Released
Tuesday July 08, @03:12PM
http://it.slashdot.org/it/08/07/08/195225.shtml

Yes, ASG can be hit by this issue. (at least mine proved to be)

"Your name server, at ***.***.***.***, appears vulnerable to DNS Cache Poisoning.

All requests came from the following source port: 3732
--------------------------------------------------------------------------------
Requests seen for d45afa621daf.toorrr.com:
216.11.92.50:3732 TXID=5486
216.11.92.50:3732 TXID=5501
216.11.92.50:3732 TXID=11666
216.11.92.50:3732 TXID=13721
216.11.92.50:3732 TXID=11712"
Cancel
Vote Up 0 Vote Down

Cancel
0 BarryG over 17 years ago in reply to Jayson

One potential workaround is to make sure that Astaro's DNS settings are pointed at an upstream server which IS patched.

Barry
Cancel
Vote Up 0 Vote Down

Cancel
0 ScottL over 17 years ago in reply to BarryG

That's what we are doing. We are pointing to opendns.com(which is a great service by the way).

-Scott
Cancel
Vote Up 0 Vote Down

Cancel
0 tom_01 over 17 years ago in reply to ScottL

We have fixed packages ready, they will be contained in 7.300 GA, and also in the next 7.300 BETA release.
Cancel
Vote Up 0 Vote Down

Cancel
0 RFCat_vk_01 over 17 years ago in reply to tom_01

Hi Tom,
when will the next beta be released. I am a bit suprised there hasn't been another B release. Maybe the ASG is becoming to complex for quick releases, I am not complaining if it is, it means the product is becoming more secure and robust.

Ian M[[:)]][[:)]]
Cancel
Vote Up 0 Vote Down

Cancel
0 BrucekConvergent over 17 years ago in reply to RFCat_vk_01

Yeah, I opened a case on this; it sounds like they're adding the patches to 7.300 ... I'll be testing it again when the next Beta rolls out.
Cancel
Vote Up 0 Vote Down

Cancel
0 gnujuba over 17 years ago in reply to BrucekConvergent

what about v6 users? is v6 still supported?
for a security product this patch should have been released days ago...
i am happy i dont use dns from astaro ...
Cancel
Vote Up 0 Vote Down

Cancel
0 gnujuba over 17 years ago in reply to Jayson

Your name server, at ***.***.***.***, appears vulnerable to DNS Cache Poisoning.

always good to hide your ip ...

216.11.92.50:3732 TXID=5486
216.11.92.50:3732 TXID=5501
216.11.92.50:3732 TXID=11666
216.11.92.50:3732 TXID=13721
216.11.92.50:3732 TXID=11712
ehhh [H] [:D] [;)] [:P]
Cancel
Vote Up 0 Vote Down

Cancel
0 Jack Daniel over 17 years ago in reply to gnujuba

7.202 was release today, it addresses a variety of DNS issues, including the BIND update to resolve the cache poisoning vulnerability.
Cancel
Vote Up 0 Vote Down

Cancel