On Thu, Feb 01, 2007 at 02:05:23PM -0500, David Cantrell wrote:
> On Thu, 2007-02-01 at 13:32 -0500, Jack Neely wrote:
> > I've had some problems installing RHEL on a specific VLAN at work.  The
> > problem is that the loader does DNS requests but the router was dropping
> > the DNS replies therefore the loader couldn't resolve its IP and the URL
> > where the kickstart lived.
> >
> > Turns out that UDP packets heading toward the servers on this VLAN with
> > destination port of 32768 are dropped by an ACL put in place to meet
> > some security requirements of an outsourced credit card charging
> > company.  The security policy states some concerns that this is a port
> > that Solaris commonly uses for the NFS statd RPC server.
> >
> > The security folks here expressed concern that the loader wasn't
> > randomizing the DNS port as normal resolvers do.  I know the environment
> > for the loader is pretty restrictive.  Is it possible to choose a more
> > random port and/or increment the port used if DNS queries are failing?
>
> Possible.  Our DNS lookup code (isys/dns.c) is pretty simple because we
> can't use glibc's libresolv stuff because of NSS (can't offer DSOs in
> the loader environment).
>
> File a bug so we have some way to track this feature.
>
> --
> David Cantrell <dcantrell@xxxxxxxxxx>
> Red Hat / Westford, MA

Thanks David.  I've filed #227432 for this.

My security folks started waving their hands about this.  I've been
trying to convince them that the loader is a very small environment that
is used for one thing....

Jack

--
Jack Neely <jjneely@xxxxxxxx>
Campus Linux Services Project Lead
Information Technology Division, NC State University
GPG Fingerprint: 1917 5AC1 E828 9337 7AA4 EA6B 213B 765F 3B6A 5B89
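Added example, not part of the thread and not the loader's isys/dns.c code: one way a minimal resolver without libresolv could pick an unpredictable UDP source port for each DNS query, so that a retry after a lost reply goes out from a different port. The function names, the 1024-65535 range and `MAX_TRIES` are assumptions made for illustration; it relies on Linux `getrandom()`.

```c
#include <errno.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/random.h>
#include <sys/socket.h>
#include <unistd.h>

#define PORT_LO 1024u    /* assumed range: all unprivileged ports */
#define PORT_HI 65535u
#define MAX_TRIES 16     /* assumed bound on bind attempts */

/* Uniform port in [PORT_LO, PORT_HI] from the kernel CSPRNG; 0 on failure. */
static uint16_t random_port(void) {
    const uint32_t span = PORT_HI - PORT_LO + 1;
    /* Reject draws at or above the largest multiple of span (no modulo bias). */
    const uint32_t limit = UINT32_MAX - (UINT32_MAX % span);
    uint32_t r;
    do {
        if (getrandom(&r, sizeof r, 0) != (ssize_t)sizeof r) return 0;
    } while (r >= limit);
    return (uint16_t)(PORT_LO + r % span);
}

/* Open a UDP socket bound to a random source port. The caller uses one
 * socket per query and calls this again after a timeout, so a reply that
 * was filtered on one port does not doom the retry. Returns fd or -1. */
int open_query_socket(uint16_t *port_out) {
    for (int i = 0; i < MAX_TRIES; i++) {
        uint16_t port = random_port();
        int fd = port ? socket(AF_INET, SOCK_DGRAM, 0) : -1;
        if (fd < 0) return -1;
        /* sin_addr stays zero, i.e. INADDR_ANY */
        struct sockaddr_in sa = { .sin_family = AF_INET, .sin_port = htons(port) };
        if (bind(fd, (struct sockaddr *)&sa, sizeof sa) == 0) {
            *port_out = port;
            return fd;
        }
        int err = errno;
        close(fd);
        if (err != EADDRINUSE) return -1;   /* only a busy port is worth retrying */
    }
    return -1;
}

int main(void) {
    uint16_t p;
    int fd = open_query_socket(&p);
    if (fd < 0) { perror("open_query_socket"); return 1; }
    printf("DNS query would be sent from UDP source port %u\n", (unsigned)p);
    close(fd);
    return 0;
}
```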