3 thoughts on - Vulnerabilities To Bind-libs Bind-utils – Possible To Remove These On Webservers

• Which packages installed them as dependencies?

• Peda, Allan (NYC-GIS) wrote:

  Are you running sssd? Are you connected to the AD?

  mark (we do, and we are)

• I just tried out removal of bind-utils on a soon to be retired machine. It seems fine with the caveat that we lose /bin/host and /bin/dig

  Perhaps a perl script might suffice to emulate ‘host’ on machines that might need the occasional networking debug session. Just typed this up, so FWIW:

  use Net::DNS;

  my $res = Net::DNS::Resolver->new();
  my $sought = $ARGV[0];
  my $a_query = $res->search($sought);
  if ($a_query) {
  foreach my $rr ($a_query->answer) {
  if( $rr->type eq ‘A’ ){
  printf(“%s has address %s\n”, $sought, $rr->address);
  } elsif( $rr->type eq ‘CNAME’ ){
  printf(“%s is an alias for %s\n”, $sought, $rr->cname);
  $sought = $rr->cname;
  }
  }
  } else {
  warn “Unable to obtain a record for $ARGV[0]: “, $res->errorstring, “\n”;
  }

   > I think the subject says it all. We don’t run named. It seems there are
  > chronic issues with bind. Can these packages be removed?
  >
  > We locally authenticate. I see this:
  >
  > Removing for dependencies:
  > bind-utils ipa-client sssd sssd-ad sssd-ipa
  >
  > We shouldn’t need any of that with local authentication (/etc passwd and
  > /etc/shadow) right?

  Are you running sssd? Are you connected to the AD?

  mark (we do, and we are)