Re: Vulnerabilities to bind-libs bind-utils - possible to remove these on webservers

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



I just tried out removal of bind-utils on a soon to be retired machine.  It seems fine with the caveat that we lose /bin/host and /bin/dig

Perhaps a perl script might suffice to emulate 'host' on machines that might need the occasional networking debug session.  Just typed this up, so FWIW:

use Net::DNS;

my $res = Net::DNS::Resolver->new();
my $sought = $ARGV[0];
my $a_query = $res->search($sought);
if ($a_query) {
  foreach my $rr ($a_query->answer) {
    if( $rr->type eq 'A' ){
      printf("%s has address %s\n", $sought, $rr->address);
    } elsif( $rr->type eq 'CNAME' ){
      printf("%s is an alias for %s\n", $sought, $rr->cname);
      $sought = $rr->cname;
    }
  }
} else {
    warn "Unable to obtain a record for $ARGV[0]: ", $res->errorstring, "\n";
}


On 6/24/19, 10:02 AM, "CentOS on behalf of mark" <centos-bounces@xxxxxxxxxx on behalf of m.roth@xxxxxxxxx> wrote:

    Peda, Allan (NYC-GIS) wrote:
    > I think the subject says it all.  We don't run named.  It seems there are
    > chronic issues with bind.  Can these packages be removed?
    >
    > We locally authenticate. I see this:
    >
    > Removing for dependencies:
    > bind-utils ipa-client sssd sssd-ad sssd-ipa
    >
    > We shouldn't need any of that with local authentication (/etc passwd and
    > /etc/shadow) right?
    
    Are you running sssd? Are you connected to the AD?
    
        mark (we do, and we are)
    
    _______________________________________________
    CentOS mailing list
    CentOS@xxxxxxxxxx
    https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.centos.org_mailman_listinfo_centos&d=DwICAg&c=Ftw_YSVcGmqQBvrGwAZugGylNRkk-uER0-5bY94tjsc&r=Tou2GfskafF_UnC0yPjAjEzLDhbALx-0EDoLp3_iSss&m=a3ZtigkKfdV2C-tKLDVYICLN8wbT_4sjV2wJ41VSGK8&s=IN9NvDKi-LGcoVnrMKW6KR7GRFUcA0OT_SQ4UEaDmb0&e= 
    


This message contains information which may be confidential and privileged. Unless you are the intended recipient (or authorized to receive this message for the intended recipient), you may not use, copy, disseminate or disclose to anyone the message or any information contained in the message.  If you have received the message in error, please advise the sender by reply e-mail, and delete the message.  Thank you very much.
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
https://lists.centos.org/mailman/listinfo/centos




[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]


  Powered by Linux