
Wednesday, July 9, 2008

Blogspot and other Domains DNS redirected on ISP > Refresh time

Internet realtime refresh site
30 minutes ago: Post entry not visible / ISP TOT dns1 + dns2, anti-DNS-spoofing update KB951748 installed

57 minutes ago: Post entry showed up on this site / ISP TOT

Independent of the browser cache, using MSIE, Firefox, Opera, Safari, with 8x ISP reconnects to get different IPs (dynamic IP)

Two days ago an article in a national newspaper asked why the national ISP redirects DNS. The symptom looks like a cache server sitting between overseas HTTP requests and the answers from websites (refresh time): you get the website in an old version until the cache server at the ISP supplies the current version of the website (DNS spoofing possible).

Why is the international internet speed per user now limited to 56kb/s, like an analogue modem, on the fastest ADSL package (Linux/Windows/MacOSX, different hardware, router, ...)?


Microsoft released a security update for Windows yesterday:

Microsoft Security Bulletin MS08-037 – Important
Vulnerabilities in DNS Could Allow Spoofing (953230)

This security update resolves two privately reported vulnerabilities in the Windows Domain Name System (DNS) that could allow spoofing. These vulnerabilities exist in both the DNS client and DNS server and could allow a remote attacker to redirect network traffic intended for systems on the Internet to the attacker’s own systems.
This security update is rated Important for all supported editions of Microsoft Windows 2000, Windows XP, Windows Server 2003, and Windows Server 2008. For more information, see the subsection, Affected and Non-Affected Software, in this section.
The security update addresses the vulnerabilities by using strongly random DNS transaction IDs, using random sockets for UDP queries, and updating the logic used to manage the DNS cache. For more information about the vulnerability, see the Frequently Asked Questions (FAQ) subsection for the specific vulnerability entry under the next section, Vulnerability Information.
Recommendation. Microsoft recommends that customers apply the update at the earliest opportunity.

http://www.microsoft.com/technet/security/bulletin/MS08-037.mspx

What are the uninstall issues that customers may experience after installing these security updates?
Supported editions of Microsoft Windows 2000 and Windows 2003 systems will receive the DNS server update as well as the DNS client updates. The DNS server update and the DNS client updates share binaries and must be uninstalled in the reverse order that they were installed to avoid regressing the shared binaries to previous versions. Microsoft Knowledge Base Article 823836 documents the currently known issues that customers may experience when they uninstall these security updates.
What are the random socket connection issues that customers may experience when installing this security update?
By default, the DNS updates offered by this security bulletin will take advantage of a large number of available sockets to offer greater entropy. However, if the user has defined port ranges in the registry, then the updates will respect the user-defined settings and will only allocate the defined sockets.
Socket ranges can be defined in the following registry location:
HKLM\System\CurrentControlSet\Services\DNS\Parameters
Reg key Name: SocketPoolSize
Note The DNS service must be restarted to implement these changes.
What does defining the socket pool range do?
It may be necessary to define the range of sockets that DNS can choose from to avoid conflicting with other applications or services that need the same socket pool for their communications. See MaxUserPort and Microsoft Knowledge Base Article 812873 for more details about these registry key settings.
What are the differences between operating systems when defining the socket pool ranges?
The MaxUserPort registry key has different meanings on Windows Vista and Windows Server 2008 than on Microsoft Windows Server 2000 and Windows Server 2003. Microsoft Knowledge Base Article 929851 details the change in behavior for Windows Vista and Windows Server 2008.
In Microsoft Windows Server 2000 and Windows Server 2003, setting the MaxUserPort defines the ending point of the dynamic port range. The range starts at 1024 and continues to the user-defined value in the MaxUserPort registry key setting. After installing the updates offered by this security bulletin, the default behavior on Microsoft Windows Server 2000 and Windows Server 2003 will be to allocate sockets randomly from the port range 49152 to 65535. If the MaxUserPort range has been defined, then ports will be allocated randomly from 1024 to the defined value in the MaxUserPort registry key setting. Visit Microsoft Knowledge Base Article 812873 for more information on reserving port ranges on Microsoft Windows 2000 Server and Windows Server 2003.
In Windows Vista and Windows Server 2008, setting the MaxUserPort defines the starting point of the dynamic port range. By default, the range on Windows Vista and Windows Server 2008 is 49152 to 65535.
Where are the file information details?
The file information details can be found in Microsoft Knowledge Base Article 953230.
http://support.microsoft.com/kb/929851
MaxUserPort
HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
http://www.microsoft.com/technet/prodtechnol/windows2000serv/reskit/regentry/58791.mspx?mfr=true
Determines the highest port number TCP can assign when an application requests an available user port from the system. Typically, ephemeral ports (those used briefly) are allocated to port numbers 1024 through 5000.
possible values: 5,000–65,534 ( port number )
Windows 2000 and XP do not add this entry to the registry. You can add it by editing the registry or by using a program that edits the registry.
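
Added example (not from the bulletin or the original post): a Python audit of the MaxUserPort rule quoted above for patched Windows 2000 / Server 2003. It parses constructed `reg query` output and reports the resulting DNS source-port range together with the combined search space of the 16-bit transaction ID and the source port; the function names and the sample output are assumptions made for illustration.

```python
import math
import re

# Constructed sample: `reg query` output collected from a Windows Server 2003 host.
SAMPLE_REG_OUTPUT = r"""
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
    MaxUserPort    REG_DWORD    0x1388
"""

DEFAULT_RANGE = (49152, 65535)  # post-update default range stated in MS08-037
TXID_BITS = 16                  # the DNS transaction ID field is 16 bits wide


def read_dword(reg_output, name):
    """Return the REG_DWORD value `name` from `reg query` text, or None if absent."""
    pattern = r"^\s*%s\s+REG_DWORD\s+(0x[0-9a-fA-F]+)\s*$" % re.escape(name)
    match = re.search(pattern, reg_output, re.MULTILINE | re.IGNORECASE)
    return int(match.group(1), 16) if match else None


def dns_port_range(reg_output):
    """Source-port range for DNS queries on patched Windows 2000 / Server 2003."""
    max_user_port = read_dword(reg_output, "MaxUserPort")
    if max_user_port is None:
        return DEFAULT_RANGE            # no user-defined range: bulletin default
    if not 5000 <= max_user_port <= 65534:
        raise ValueError("MaxUserPort outside documented values: %d" % max_user_port)
    return (1024, max_user_port)        # user-defined: 1024 up to MaxUserPort


def audit(reg_output):
    """Summarise the port range and the ID-plus-port search space in bits."""
    low, high = dns_port_range(reg_output)
    ports = high - low + 1
    bits = TXID_BITS + math.log2(ports)
    return {"range": (low, high), "ports": ports, "bits": round(bits, 2)}


if __name__ == "__main__":
    print("MaxUserPort=5000:", audit(SAMPLE_REG_OUTPUT))
    print("MaxUserPort unset:", audit(""))
```

A host whose administrator set MaxUserPort to 5000 draws from 3,977 ports instead of 16,384, so the setting is worth reviewing after the update is installed.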

http://support.microsoft.com/?kbid=951748
http://support.microsoft.com/kb/951748

MaxCacheEntryTtlLimit
http://www.microsoft.com/technet/prodtechnol/windows2000serv/reskit/regentry/30659.mspx?mfr=true
HKLM\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters

Data type: REG_DWORD
Range: 0x1–0xFFFFFFFF ( seconds )
Default value: 0x15180 ( 86400 seconds = 1 day )
Establishes the maximum time that a Domain Name System (DNS) record, other than an SOA (Start of Authority) record, can remain in the DNS cache.
This entry establishes a ceiling for Time-to-Live (TTL) values of non-SOA records. By default, the TTL value in the DNS answer record determines how long records are saved in the DNS cache. However, if a TTL value in a DNS answer record exceeds the value of this entry, it is ignored, and the DNS client sets the TTL value to the value of this entry.
Activation method
To make changes to this entry effective, restart the DNS client service or restart Windows. This entry does not apply to SOA records. The maximum TTL for SOA records is determined by the value of the MaxSOACacheEntryTtlLimit entry.
http://www.2oak.com/search?q=MaxCacheEntryTtlLimit

Download:
http://www.microsoft.com/downloads/results.aspx?pocId=&freetext=KB951748&DisplayLang=en
