Insufficient DNS Source Port Randmoization

Pete Fong petefong2012 at
Thu Jul 28 07:33:11 UTC 2011

Hi Everybody,

My Linux is OpenSuSE 11.4 with Kernel which is used for
DNS server. I have installed bind-9.7.3P3-0.2.1

Our external auditor used "NeXpose" for scanning my system. It showed
"Insufficient DNS Source Port Randomization Vulnerability". Therefore
I have followed BIND 9 Configuration Reference Guide, I have adjusted
named.conf configuration file as below :

query-source address * port * ;
query-source-v6 address * port *;

use-v4-udp-ports { range 1024 65535; };
use-v6-upd-ports ( range 1024 65535; };

But I am not lucky, The NeXpose software still showed the same
vulnerability. Anybody has some issue ? Anybody can help me ?

Thanks a lot,
Pete Fong

More information about the bind-users mailing list