Vulnerability to cache poisoning -- the rest of the solution

Peter Laws plaws at ou.edu
Fri Jul 11 22:21:37 UTC 2008


James Pratt wrote:
> Actually, no - you have to ensure that a "query-source port 53;" line
> does not exist in your named.conf (I found this out via a posting
> earlier. No one else mentioned it before, or I have been missing emails!)

Yeah, I actually read the docs (gasp!) and it does note that if it's not 
specifically set, or if the port is set to '*', then it's random (for some 
value of 'random').  I checked all mine, too, and it was never set.

Of course, I am working under the assumption that RedHat's version of BIND 
is also random by default ... :-)

Thanks, all.

-- 
Peter Laws / N5UWY
National Weather Center / Network Operations Center
University of Oklahoma Information Technology
plaws at ou.edu
-----------------------------------------------------------------------
Feedback? Contact my director, Craig Cochell, craigc at ou.edu. Thank you!
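
The named.conf check discussed in this message, written out as an added example (not part of the original post and not code from BIND or its authors): it flags any `query-source` or `query-source-v6` statement that pins outgoing queries to a fixed port, and treats a missing port clause or `port *` as acceptable. The function name and the sample configuration are constructed for illustration, and the sketch assumes a single file (it does not follow `include` statements).

```python
import re

# Constructed sample named.conf, not taken from the thread.
SAMPLE_CONF = """
options {
    directory "/var/named";
    // query-source port 53;   (commented out, must be ignored)
    query-source address * port 53;
    query-source-v6 address * port *;
};
"""

# named.conf accepts C-style, C++-style and shell-style comments.
_COMMENTS = re.compile(r"/\*.*?\*/|//[^\n]*|#[^\n]*", re.DOTALL)
# One statement: the directive name, then everything up to the terminating ';'.
_STATEMENT = re.compile(r"(?<![\w-])(query-source(?:-v6)?)\s+([^;]*);")
_PORT = re.compile(r"\bport\s+(\S+)")


def fixed_query_source_ports(conf_text):
    """Return (directive, port) for each query-source statement that pins the port."""
    findings = []
    for directive, args in _STATEMENT.findall(_COMMENTS.sub("", conf_text)):
        port = _PORT.search(args)
        # No port clause, or "port *", leaves the choice of source port to named.
        if port and port.group(1) != "*":
            findings.append((directive, port.group(1)))
    return findings


if __name__ == "__main__":
    import sys
    # Pass a path to check a real file; with no argument the sample is used.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_CONF
    for directive, port in fixed_query_source_ports(text):
        print(f"{directive}: outgoing queries pinned to port {port}")
```

An empty result only says that this file does not fix the port; whether the installed BIND build then randomizes it is a separate question.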



