Vulnerability to cache poisoning -- the rest of the solution

James Pratt jpratt at norwich.edu
Fri Jul 11 22:14:04 UTC 2008


> -----Original Message-----
> From: bind-users-bounce at isc.org [mailto:bind-users-bounce at isc.org] On Behalf Of Peter Laws
> Sent: Friday, July 11, 2008 6:00 PM
> To: bind-users at isc.org
> Subject: Re: Vulnerability to cache poisoning -- the rest of the solution
> 
> Alan Clegg wrote:
> > For now, randomize your query source ports.  Please.
> 
> Is that something you have to positively do (i.e., not a default), or does
> it happen automagically with the updated BIND(s)?
> 
> 
> --
> Peter Laws / N5UWY
> National Weather Center / Network Operations Center
> University of Oklahoma Information Technology
> plaws at ou.edu
> -----------------------------------------------------------------------
> Feedback? Contact my director, Craig Cochell, craigc at ou.edu. Thank you!
> 
> 

Actually, no - you have to ensure that a "query-source port 53;" line
does not exist in your named.conf (I found this out via a posting
earlier). No one else mentioned it before, or I have been missing emails!
:(

Regards,
jamie
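
One way to check a named.conf for the setting described above, as an added example that is not part of the original post: it flags `query-source` and `query-source-v6` statements pinned to a numeric port, while skipping comments and `port *`. The function names and the sample configuration are constructed for illustration.

```python
import re

# query-source / query-source-v6 statements, up to the terminating ';'
STMT = re.compile(r'\b(query-source(?:-v6)?)\b([^;{}]*);', re.IGNORECASE)
PORT = re.compile(r'\bport\s+(\*|\d+)', re.IGNORECASE)
# Quoted strings are matched first so comment markers inside them are kept.
TOKEN = re.compile(r'"[^"\n]*"|/\*.*?\*/|//[^\n]*|#[^\n]*', re.DOTALL)

def strip_comments(text):
    """Blank out named.conf comments (/* */, //, #), preserving line breaks."""
    def repl(m):
        tok = m.group(0)
        return tok if tok.startswith('"') else re.sub(r'[^\n]', ' ', tok)
    return TOKEN.sub(repl, text)

def fixed_source_ports(conf_text):
    """Return (line_no, statement, port) for each query-source with a fixed port."""
    clean = strip_comments(conf_text)
    findings = []
    for m in STMT.finditer(clean):
        p = PORT.search(m.group(2))
        if p and p.group(1) != '*':          # 'port *' does not pin the port
            line_no = clean.count('\n', 0, m.start()) + 1
            statement = ' '.join(m.group(0).split())
            findings.append((line_no, statement, int(p.group(1))))
    return findings

# Constructed sample configuration (not taken from the thread).
SAMPLE = '''\
options {
    directory "/var/named";
    // query-source port 53;   (old line, commented out)
    query-source address * port 53;
    query-source-v6 address * port *;
};
view "internal" {
    /* legacy firewall rule
       query-source port 1053; */
    query-source address 192.0.2.10
        port 5353;
};
'''

if __name__ == '__main__':
    for line_no, statement, port in fixed_source_ports(SAMPLE):
        print(f'line {line_no}: fixed source port {port}: {statement}')
```
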

