North American Network Operators Group

Re: The SWAMP
> From: Eric Ziegast <[email protected]>
> To: [email protected]; [email protected]
> Subject: Re: The SWAMP
> Date: Monday, September 09, 1996 7:47 PM

> In cron:
>
> # pick a random time once a week
> 31 10 * * 4 /usr/sbin/update-root
> # some other time during the week
> 23 20 * * 6 /usr/sbin/named.restart
>
> The shell script (off the top of my head):
>
> #!/bin/sh
> tmp=/tmp/rs$$
> trap "rm -f $tmp" 1 2 3 14 15
> chdir /etc/namedb
> ncftp -a -d 600 -g 5 ftp.root-servers.net:/named.root
> if [ ! -r named.root ]; then
>     Mail -s "Could not get root nameserver list" hostmaster
> fi
> diff root.cache named.root > $tmp
> if [ -s $tmp ]; then
>     mv named.root root.cache # fails if couldn't download
>     Mail -s "Root server update" hostmaster < $tmp
> fi
> rm -f $tmp

I don't like "automatic" updates. Sure it is convenient, but for something as mission-critical as name service, I would hesitate to automatically trust whatever happens to be at ftp.root-servers.net:/named.root on any given day. I would want to review it first.

Plus, on most BSDish systems /etc/crontab is world readable by default. A cracker would know the exact time to attempt to hijack the FTP session and insert:

    .                    IN NS  you.got.hacked.net.
    you.got.hacked.net.  IN A   10.1.2.3

-BD
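Added example (not part of the original messages): one way to hold a downloaded named.root for review, as the reply asks, instead of letting cron move it into place. The function names, the exit codes and the policy that every record must belong to a single-letter host under root-servers.net are assumptions of this example, and the sample data is constructed.

```shell
#!/bin/sh
# Added example: vet a downloaded root hints file instead of installing it blindly.
# Assumed policy (not from the original post): "." NS targets and all address
# records must be single-letter hosts under root-servers.net.

# Normalize a hints file to sorted "owner TYPE rdata" lines (NS/A/AAAA only).
hint_records() {
    awk '{ sub(/;.*/, "") }                      # drop comments
         NF < 3 { next }
         { for (i = 2; i < NF; i++) {            # skip optional TTL and class
               t = toupper($i)
               if (t == "NS" || t == "A" || t == "AAAA") {
                   print tolower($1), t, tolower($(i + 1)); break } } }' "$1" | sort -u
}

# Exit status: 0 = no change, 1 = changed (hold for review), 2 = rejected.
check_root_hints() {
    current=$1; candidate=$2
    [ -s "$candidate" ] || { echo "REJECT: download missing or empty"; return 2; }
    bad=$(hint_records "$candidate" | awk '
        $2 == "NS" && ($1 != "." || $3 !~ /^[a-m]\.root-servers\.net\.$/) { print; next }
        $2 != "NS" && $1 !~ /^[a-m]\.root-servers\.net\.$/ { print }')
    if [ -n "$bad" ]; then
        echo "REJECT: records outside the expected root server set:"; echo "$bad"
        return 2
    fi
    t=$(mktemp -d) || return 2
    hint_records "$current" > "$t/old"; hint_records "$candidate" > "$t/new"
    if cmp -s "$t/old" "$t/new"; then rc=0
    else rc=1; echo "HOLD: root hints changed; review before installing"; diff "$t/old" "$t/new" || true
    fi
    rm -rf "$t"; return "$rc"
}

# Constructed sample data: a trimmed current cache and a tampered download
# carrying the two records shown in the reply above.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '. 3600000 IN NS A.ROOT-SERVERS.NET.' \
                  'A.ROOT-SERVERS.NET. 3600000 A 198.41.0.4' > "$d/root.cache"
    cp "$d/root.cache" "$d/named.root"
    printf '%s\n' '. IN NS you.got.hacked.net.' \
                  'you.got.hacked.net. IN A 10.1.2.3' >> "$d/named.root"
    check_root_hints "$d/root.cache" "$d/named.root"; rc=$?
    rm -rf "$d"; return "$rc"
}
if [ "${1:-}" = demo ]; then demo; fi
```

The check never installs anything: status 1 means a person compares the printed diff against the published root server list before replacing root.cache, and status 2 means the download is discarded.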