How does one query the level of DNS bind your IBM i currently serves up?
Our external security scans query our DMZ IBM i's serving up DNS and
report their level of bind. Of course, it's always way behind and ruled
so out of date and full of security holes.
I have some other lpars and I am really curious as to how I could query
them and determine their level of bind.
IBM i takes the approach that they will make little to no effort to be
current on the level of bind. Instead, they will listen to you report a
particular CVE that you have an issue with and they will issue a PTF which
will address this CVE. But they will not upgrade the level of bind. Their
opinion is that they'd rather just keep patching the old level of bind and
not download a new level of bind and customize it for IBM i and patch any
newly discovered CVEs. Of course, my security audits look like crap. And,
no, I cannot convince the external scanning people to go through all the
hoops of saying this is the CVE, doing a PTF search for some PTF that
covers that CVE and seeing if we have that applied and stop reporting that
CVE. That's outside the scope of their responsibilities (and they're
wholly owned by IBM). Instead I have to type up an exception to that
ding, store it somewhere, and see if we can customize the audit to say
stop reporting it and this is why... Also, they report the CVE simply by
the bind level, not whether or not they can do what the CVE suggests can
be done.
And, the audit scan reports the OS running on IBM i as "FreeBSD
6.2-RELEASE"
In summary, I just want to know how I can query the bind levels of these
other lpars, before I turn them over to the scanning service.
Rob Berendt
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact
[javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.