Bind-9.5.0-P2 testing

Mark Andrews Mark_Andrews at isc.org
Tue Aug 19 02:06:08 UTC 2008


> That's a very interesting question because I'm pretty much in the same
> boat. 
> I just upgraded to bind-9.5.0-P2 and was looking for a good tool that
> will show me if this version really fixes the DNS cache poisoning issue.
>  
> I found the following tool which I believe is pretty good but it
> probably does more checks than just the DNS cache poisoning... 
>  
> Go here and under Testing and Reporting Tools, run the DNS Vulnerability
> Testing Tool => Test Now. 
>  
> http://www.infoblox.com/library/dns-security-center.cfm#2
>  
> I'm getting POOR for the Source Port randomness and GREAT for the
> transaction ID randomness. 
> Is that expected? Does the source port randomness have something to do
> with the way named.conf is set up?
>  
> Also, another test from the command line is showing a POOR result? Refer
> to the following link for more info about the command line test:
>  
> https://www.dns-oarc.net/oarc/services/porttest
>  
> # dig @hpadm2 +short porttest.dns-oarc.net TXT
> porttest.y.x.w.v.u.t.s.r.q.p.o.n.m.l.k.j.i.h.g.f.e.d.c.b.a.pt.dns-oarc.net.
> "12.109.107.60 is POOR: 26 queries in 2.1 seconds from 1 ports with std dev 0"
>  
>  
> Does anybody have an idea? 

	Look at named.conf and remove/adjust the query-source directive
	so that a port is *not* specified.

> Thanks
> Latif
>  
> -----Original Message-----
> From: bind-users-bounce at isc.org [mailto:bind-users-bounce at isc.org] On
> Behalf Of Andrey G. Sergeev (AKA Andris)
> Sent: Monday, August 18, 2008 4:51 PM
> To: bind-users at isc.org
> Subject: Re: Bind-9.5.0-P2 testing
>  
> Hello Gregory,
>  
>  
> Mon, 11 Aug 2008 20:29:21 -0700 (PDT) Gregory Hicks wrote:
>  
> > I've updated my servers to 9.5.0-P2 and would like to load
> > test them.
> > 
> > Does anyone have any recommendations on how to do this?
>  
> I suggest you use the dnsperf and resperf tools:
> http://www.nominum.com/services/measurement_tools.php
> The Nominum site has a PDF document describing the method for measuring 
> performance of caching servers.
>  
> You might also want to take a look at this methodology:
> http://new.isc.org/proj/dnsperf/ISC-TN-2008-1.html
>  
>  
> -- 
>  
> Yours sincerely,
>  
> Andrey G. Sergeev (AKA Andris)     http://www.andris.name/
>  
> 
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark_Andrews at isc.org
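
Added example, not part of the original messages: a Python check that flags `query-source` / `query-source-v6` statements pinning a port (the setting the reply above says to remove) and parses the porttest TXT answer quoted in the thread. The `named.conf` fragment is constructed, and the TXT format is assumed to match the single line shown above.

```python
import re

# Constructed named.conf fragment for the demo (not from the thread).
SAMPLE_CONF = """
options {
    directory "/var/named";
    query-source address * port 53;   // pins every outgoing query to port 53
    query-source-v6 address * port *; /* wildcard port: randomised */
    # query-source port 5353;         (commented out, must be ignored)
};
"""
# TXT answer quoted in the thread, with the mail line-wrap undone.
SAMPLE_TXT = ('"12.109.107.60 is POOR: 26 queries in 2.1 seconds '
              'from 1 ports with std dev 0"')

_COMMENTS = re.compile(r"/\*.*?\*/|//[^\n]*|#[^\n]*", re.S)
_STMT = re.compile(r"\b(query-source(?:-v6)?)\b([^;{}]*);")
_PORT = re.compile(r"\bport\s+(\*|\d+)")
_PORTTEST = re.compile(r"([0-9A-Fa-f.:]+) is (\w+): (\d+) queries in [\d.]+ "
                       r"seconds from (\d+) ports with std dev ([\d.]+)")

def fixed_port_statements(conf_text):
    """Return (directive, port) for each query-source statement that pins a port."""
    # Simplification: comment markers inside quoted strings are not handled.
    text = _COMMENTS.sub("", conf_text)
    findings = []
    for directive, args in _STMT.findall(text):
        port = _PORT.search(args)
        if port and port.group(1) != "*":
            findings.append((directive, int(port.group(1))))
    return findings

def parse_porttest(txt):
    """Parse a porttest TXT answer in the format shown in the thread."""
    m = _PORTTEST.search(txt)
    if m is None:
        return None
    return {"resolver": m.group(1), "rating": m.group(2),
            "queries": int(m.group(3)), "ports": int(m.group(4)),
            "std_dev": float(m.group(5))}

if __name__ == "__main__":
    for directive, port in fixed_port_statements(SAMPLE_CONF):
        print(f"{directive}: fixed source port {port}; drop the port clause")
    result = parse_porttest(SAMPLE_TXT)
    if result and result["ports"] == 1:
        print(f"{result['resolver']} rated {result['rating']}: one source port")
```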

