Bind-9.5.0-P2 testing

Binmakhashen, Latif Latif.Binmakhashen at omnicare.com
Mon Aug 18 22:08:23 UTC 2008


That's a very interesting question because I'm pretty much on the same
boat. 
I just upgraded to bind-9.5.0-P2 and was looking for a good tool that
will show me if this version really fixes the DNS cache poisoning issue.
 
I found the following tool which I believe is pretty good but it
probably does more check than just the DNS cache poisoning... 
 
Go here and under Testing and Reporting Tools, run the DNS Vulnerability
Testing Tool => Test Now. 
 
http://www.infoblox.com/library/dns-security-center.cfm#2
 
I'm getting POOR for the Source Port randomness and GREAT for the
transaction ID randomness. 
Is that expected? Does the source port randomness has something to do
with the way named.conf is setup?
 
Also, another test from the command line is showing a POOR result? Refer
to the following link for more info about the command line test:
 
https://www.dns-oarc.net/oarc/services/porttest
 
# dig @hpadm2 +short porttest.dns-oarc.net TXT
porttest.y.x.w.v.u.t.s.r.q.p.o.n.m.l.k.j.i.h.g.f.e.d.c.b.a.pt.dns-oarc.n
et.
"12.109.107.60 is POOR: 26 queries in 2.1 seconds from 1 ports with std
dev 0"
 
 
Anybody has an idea? 
 
 
Thanks
Latif
 
-----Original Message-----
From: bind-users-bounce at isc.org [mailto:bind-users-bounce at isc.org] On
Behalf Of Andrey G. Sergeev (AKA Andris)
Sent: Monday, August 18, 2008 4:51 PM
To: bind-users at isc.org
Subject: Re: Bind-9.5.0-P2 testing
 
Hello Gregory,
 
 
Mon, 11 Aug 2008 20:29:21 -0700 (PDT) Gregory Hicks wrote:
 
> I've updated my servers to 9.5.0-P2 and would like to load
> test them.
> 
> Does anyone have any reccomendations on how to do this?
 
I suggest you to use the dnsperf and resperf tools:
http://www.nominum.com/services/measurement_tools.php
The Nominum site has a PDF document describing the method on measuring 
performance of caching servers.
 
You might also want to take a look at this methodic:
http://new.isc.org/proj/dnsperf/ISC-TN-2008-1.html
 
 
-- 
 
Yours sincerely,
 
Andrey G. Sergeev (AKA Andris)     http://www.andris.name/
 

-- NOTICE -- 
The information transmitted is intended only for the person or
entity to which it is addressed and may contain confidential and/or
privileged material, the disclosure of which is governed by
applicable law. Any review, retransmission, dissemination or other
use of, or taking of any action in reliance upon, this information
by persons or entities other than the intended recipient is
prohibited. If you received this in error please contact the sender
and destroy the materials contained in this message.



More information about the bind-users mailing list