Protecting bind from DNS cache poisoning!!!
Wolfgang Solfrank
Wolfgang at Solfrank.net
Mon Aug 9 12:08:26 UTC 2010
>>> Allow bind to use as wide a range of port numbers as possible for UDP
>>> traffic.
>
> On 09.08.10 17:14, Shiva Raman wrote:
>> Yes this is allowed in the firewall.
>
> note that bind also should not have "port" potion in query-source statement.
In addition, be carefull with the use of NAT on your firewall. This will
probably unrandomize the port numbers on your outgoing requests.
Ciao,
Wolfgang
--
Wolfgang at Solfrank.net Wolfgang Solfrank
More information about the bind-users
mailing list