Vulnerability to cache poisoning -- the rest of the solution

Baird, Josh jbaird at follett.com
Mon Jul 14 13:27:41 UTC 2008


Will BIND randomize query TCP source ports as well (when TCP is
required) with these new patches?

Thanks,

Josh

On Jul 11, 2008, at 5:12 PM, Alan Clegg wrote:

> Peter Laws wrote:
>>> For now, randomize your query source ports.  Please.
>>
>> Is that something you have to positively do (i.e., not a default), or does
>> it happen automagically with the updated BIND(s)?
>
> It's automatic in 9.3.5-P1, 9.4.2-P1, and 9.5.0-P1 (and the current
> betas) unless you tell it otherwise by using BAD things like:
>
>   udp-source port XX;
>
> in your configuration.
>
> Notice that if you have a line like the above in your current
> configuration and are behind a firewall, there may be rules in place
> that made that line necessary.  Check with your firewall admin to make
> sure that "random outbound UDP ports" are open from your nameserver to
> the outside world.
>
> AlanC
>
>
>






More information about the bind-users mailing list