Is 9.3.4-P1 OK?

Jeff Lightner jlightner at water.com
Sun Aug 3 17:43:13 UTC 2008


Similarly the 9.3.4-P1 for RHEL5 was backported and tests "great".

-----Original Message-----
From: bind-users-bounce at isc.org [mailto:bind-users-bounce at isc.org] On Behalf Of Evan Hunt
Sent: Sunday, August 03, 2008 12:40 PM
To: Karl Auer
Cc: BIND users
Subject: Re: Is 9.3.4-P1 OK?


> Anyway, my question: Is this enough? Or do I have to upgrade (manually)
> to 9.5.0-Pn? I am talking only about dealing with the Kaminsky
> vulnerability here, not about any other great reasons there may be for
> upgrading.

This:
https://code.launchpad.net/ubuntu/feisty/+source/bind9/1:9.3.4-2ubuntu2.3

...says that Ubuntu has rolled the port randomization changes into
9.3.4 for Feisty.  So you should be okay.

BTW, I recommend https://www.dns-oarc.net/oarc/services/dnsentropy for
port randomness testing; it includes a scatter plot graphic, which can
help you spot patterns and clusters that might not be noticed otherwise.
(It alerted me to a serious problem with my NAT router's firmware, so
now I'm proselytizing.)

-- 
Evan Hunt -- evan_hunt at isc.org
Internet Systems Consortium, Inc.
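
Added example (not part of the original messages, and not the DNS-OARC test's own code): a small Python check for the kinds of patterns a source-port scatter plot makes visible, run over the ports seen on a resolver's consecutive outbound queries. The sample port lists, the SMALL_STEP and MIN_STDEV thresholds and the function names are constructed assumptions for illustration.

```python
import statistics

SMALL_STEP = 16    # assumed: port moves of <= 16 count as "small steps"
MIN_STDEV = 3000   # assumed cut-off; uniform over 1024-65535 gives ~18600

def port_stats(ports):
    """Summarise source ports seen on consecutive outbound queries."""
    if len(ports) < 2:
        raise ValueError("need at least two observed ports")
    deltas = [b - a for a, b in zip(ports, ports[1:])]
    small = sum(1 for d in deltas if abs(d) <= SMALL_STEP)
    return {
        "distinct": len(set(ports)),
        "span": max(ports) - min(ports),
        "stdev": statistics.pstdev(ports),
        "small_step_ratio": small / len(deltas),
    }

def assess(ports):
    """Label the pattern a scatter plot of these ports would show."""
    s = port_stats(ports)
    if s["distinct"] == 1:
        return "fixed"        # one source port for every query
    if s["small_step_ratio"] >= 0.5:
        return "sequential"   # ports walk up or down in small steps
    if s["stdev"] < MIN_STDEV:
        return "clustered"    # varied, but inside a narrow window
    return "scattered"

# Constructed samples, in query order (not captured from any real resolver).
FIXED = [53] * 8
SEQUENTIAL = [1024 + i for i in range(10)]
CLUSTERED = [32770, 32912, 32801, 32988, 32775, 32950, 32830, 32999, 32860, 32905]
SCATTERED = [51234, 10877, 40412, 2301, 61990, 28755, 17043, 59121, 33508, 7960]

if __name__ == "__main__":
    for name, sample in [("fixed", FIXED), ("sequential", SEQUENTIAL),
                         ("clustered", CLUSTERED), ("scattered", SCATTERED)]:
        s = port_stats(sample)
        print(f"{name:10s} -> {assess(sample):10s} stdev={s['stdev']:.0f} "
              f"span={s['span']} small_steps={s['small_step_ratio']:.2f}")
```

A "scattered" result only means none of these three patterns appeared in the sample; it does not prove the ports are unpredictable. Collect the ports where the queries arrive after any NAT device, since that is the port an off-path party would have to guess.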

