Vulnerability to cache poisoning -- the rest of the solution
James Pratt
jpratt at norwich.edu
Fri Jul 11 22:14:04 UTC 2008
> -----Original Message-----
> From: bind-users-bounce at isc.org [mailto:bind-users-bounce at isc.org] On
Behalf Of
> Peter Laws
> Sent: Friday, July 11, 2008 6:00 PM
> To: bind-users at isc.org
> Subject: Re: Vulnerability to cache poisoning -- the rest of the
solution
>
> Alan Clegg wrote:
> > For now, randomize your query source ports. Please.
>
> Is that something you have to positively do (i.e., not a default), or
does
> it happen automagically with the updated BIND(s)?
>
>
> --
> Peter Laws / N5UWY
> National Weather Center / Network Operations Center
> University of Oklahoma Information Technology
> plaws at ou.edu
>
-----------------------------------------------------------------------
> Feedback? Contact my director, Craig Cochell, craigc at ou.edu. Thank
you!
>
>
Actually, no - you have to ensure that a "query-source port 53;" line
does not exist in your named.conf (I found this out via a posting
earlier. No one else mentioned it before, or I have been missing emails!
:(
Regards,
jamie
More information about the bind-users
mailing list