Vulnerability to cache poisoning -- the rest of the solution

Jeff Lightner jlightner at water.com
Mon Jul 14 13:53:26 UTC 2008


If that's the case, why wouldn't we have needed to open the firewall to allow
this behavior for TCP?

-----Original Message-----
From: bind-users-bounce at isc.org [mailto:bind-users-bounce at isc.org] On
Behalf Of Baird, Josh
Sent: Monday, July 14, 2008 9:48 AM
To: Baird, Josh; Michael Coumerilh; Alan Clegg
Cc: bind-users at isc.org
Subject: RE: Vulnerability to cache poisoning -- the rest of the
solution

Ignore this.. I found my answer in the ARM:

" The address specified in the query-source option is used for both UDP
and TCP queries, but the port applies only to UDP queries. TCP queries
always use a random unprivileged port."

Thanks,

Josh

-----Original Message-----
From: bind-users-bounce at isc.org [mailto:bind-users-bounce at isc.org] On
Behalf Of Baird, Josh
Sent: Monday, July 14, 2008 8:28 AM
To: Michael Coumerilh; Alan Clegg
Cc: bind-users at isc.org
Subject: RE: Vulnerability to cache poisoning -- the rest of the
solution

Will BIND randomize query TCP source ports as well (when TCP is
required) with these new patches?

Thanks,

Josh

On Jul 11, 2008, at 5:12 PM, Alan Clegg wrote:

> Peter Laws wrote:
>>> For now, randomize your query source ports.  Please.
>>
>> Is that something you have to positively do (i.e., not a default),
>> or does it happen automagically with the updated BIND(s)?
>
> It's automatic in 9.3.5-P1, 9.4.2-P1, and 9.5.0-P1 (and the current
> betas) unless you tell it otherwise by using BAD things like:
>
>   udp-source port XX;
>
> in your configuration.
>
> Notice that if you have a line like the above in your current
> configuration and are behind a firewall, there may be rules in place
> that made that line necessary.  Check with your firewall admin to make
> sure that "random outbound UDP ports" are open from your nameserver to
> the outside world.
>
> AlanC
>
>
>
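As an added example (not from the thread, the ARM, or ISC's own configuration files), here are the two named.conf "options" forms the thread is talking about side by side: the fixed-port form Alan warns against, and the form that lets the July 2008 patch releases pick a random UDP source port per query. The resolver address 192.0.2.53 and the directory are placeholders.

```conf
// Added example, not from the thread: two named.conf "options" fragments.
// 192.0.2.53 is a placeholder resolver address; use one or the other block.

// BEFORE: the pattern Alan calls out. Pinning the UDP source port (usually
// done to satisfy a firewall rule) leaves only the 16-bit query ID for an
// attacker to guess, which is what the 9.3.5-P1 / 9.4.2-P1 / 9.5.0-P1
// releases were issued to fix.
options {
    directory "/var/named";
    recursion yes;
    query-source address 192.0.2.53 port 53;   // BAD: fixed UDP source port
};

// AFTER: keep the source address if the network needs it, drop the port.
// With the patched releases named then chooses a random unprivileged UDP
// port for each query. As the ARM text quoted above says, the "port"
// clause never applied to TCP, so TCP queries are unchanged either way.
options {
    directory "/var/named";
    recursion yes;
    query-source address 192.0.2.53;           // no "port": randomized
};
```

Before removing the port clause, check the firewall point Alan raises: the outbound rule must permit UDP to destination port 53 from the resolver with any source port, and the stateful return path must accept the replies (for iptables that is the usual ESTABLISHED,RELATED rule). After a reload, querying the TXT record at porttest.dns-oarc.net through the resolver reports the spread of source ports it observed, which is a quick way to confirm the change took effect.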