Page 2 of 2

Re: DNS doozy, is there a 6.5.22m fix for this?

Posted: Mon Sep 29, 2008 6:57 am
by nekonoko
Ha, they changed it - even has pretty graphics! This is what I get now:

Code: Select all

   1. 64.81.247.28 (wadatsumi.nekochan.net) appears to have GREAT source port randomness and GREAT transaction ID randomness.


Of course, BIND has been updated a couple times since I last tested, so maybe that has something to do with it too.

http://entropy.dns-oarc.net/test/

... and:

Code: Select all

# dig +short txidtest.dns-oarc.net TXT
txidtest.y.x.w.v.u.t.s.r.q.p.o.n.m.l.k.j.i.h.g.f.e.d.c.b.a.pt.dns-oarc.net.
"64.81.247.28 is GREAT: 26 queries in 0.4 seconds from 25 txids with std dev 19131"

Re: DNS doozy, is there a 6.5.22m fix for this?

Posted: Mon Sep 29, 2008 8:17 am
by hamei
nekonoko wrote:Ha, they changed it - even has pretty graphics! This is what I get now:

Code: Select all

   1. 64.81.247.28 (wadatsumi.nekochan.net) appears to have GREAT source port randomness and GREAT transaction ID randomness.

Oh poop. And I was winning until we got to the flag :(

Re: DNS doozy, is there a 6.5.22m fix for this?

Posted: Sat Mar 28, 2009 4:55 pm
by SAQ
No 6.5.22 fix, but they released a 6.5.28,29 &30 fix for this about a month and a half ago (forgot about it).

Patch 7228.

I wonder if you could force install on .22. I'd have to see what BIND changes SGI made since then, I guess.

Re: DNS doozy, is there a 6.5.22m fix for this?

Posted: Sun Nov 15, 2009 11:07 am
by zuluchas
BTW, Patch 7228 has been replaced by 7234 as of 6 Nov '09 and is available for dl from supportfolio. Good to see SGI's still giving some support!

I tried using sgisync to pick it up, but got no joy with version 0.64.

On an octane running 6.5.22 (unpatched), I had mixed results:

Code: Select all

charmed 1# dig +short txidtest.dns-oarc.net TXT
txidtest.y.x.w.v.u.t.s.r.q.p.o.n.m.l.k.j.i.h.g.f.e.d.c.b.a.pt.dns-oarc.net.
"1.2.3.4 is GREAT: 26 queries in 2.7 seconds from 26 txids with std dev 17795"
charmed 2# uname -aR
IRIX64 charmed 6.5 6.5.22m 10070055 IP30
charmed 3# dig +short porttest.dns-oarc.net TXT
porttest.y.x.w.v.u.t.s.r.q.p.o.n.m.l.k.j.i.h.g.f.e.d.c.b.a.pt.dns-oarc.net.
"1.2.3.4 is POOR: 26 queries in 2.7 seconds from 26 ports with std dev 8"
charmed 4#


I won't get around to trying out this patch anytime soon, but hope it helps someone!