Insufficient DNS Source Port Randomization

Stephane Bortzmeyer bortzmeyer at
Thu Jul 28 07:43:09 UTC 2011

On Thu, Jul 28, 2011 at 03:33:11PM +0800,
 Pete Fong <petefong2012 at> wrote 
 a message of 27 lines which said:

> I have adjusted named.conf configuration file as below :
> query-source address * port * ;
> query-source-v6 address * port *;

BIND randomizes properly by default. I would suggest deleting all
these lines.

> The NeXpose software still showed the same vulnerability.

Did you try to obtain an independent confirmation from a reliable
source? (I do not know this product, but I distrust private black
boxes.) I recommend:

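Added example, not part of the message above and not code from BIND or NeXpose: one way to check source-port randomization independently is to record the UDP source ports the resolver uses for successive queries, as seen at an authoritative server you control, and test their spread. The function name, the thresholds and the sample port lists are assumptions constructed for illustration.

```python
import statistics

# Illustrative thresholds (assumptions, not taken from any scanner or from BIND).
MIN_SAMPLES = 20       # fewer observations than this says nothing useful
MIN_STDDEV = 3000.0    # uniform ports over 1024-65535 give a stddev near 18600
MAX_SEQUENTIAL = 0.5   # share of consecutive queries whose port moved by +1


def assess_ports(ports):
    """Classify the source ports a resolver used, in the order they were seen."""
    if len(ports) < MIN_SAMPLES:
        return {"verdict": "insufficient-data", "samples": len(ports)}
    distinct = len(set(ports))
    stddev = statistics.pstdev(ports)
    steps = [b - a for a, b in zip(ports, ports[1:])]
    sequential = sum(1 for s in steps if s == 1) / len(steps)
    if distinct == 1:
        verdict = "fixed-port"        # e.g. a query-source line pinning one port
    elif sequential > MAX_SEQUENTIAL:
        verdict = "sequential"        # predictable counter, not random
    elif stddev < MIN_STDDEV:
        verdict = "narrow-range"      # varies, but inside a small window
    else:
        verdict = "randomized"
    return {
        "verdict": verdict,
        "samples": len(ports),
        "distinct": distinct,
        "stddev": round(stddev, 1),
        "sequential_share": round(sequential, 2),
    }


# Constructed observations (not captured from any real resolver).
FIXED = [53] * 25
SEQUENTIAL = list(range(32768, 32793))
NARROW = [1024 + (i * 37) % 64 for i in range(25)]
SPREAD = [1024 + (i * 40503) % 64512 for i in range(25)]

if __name__ == "__main__":
    samples = [("fixed", FIXED), ("sequential", SEQUENTIAL),
               ("narrow", NARROW), ("spread", SPREAD)]
    for name, sample in samples:
        print(name, assess_ports(sample))
```

Ports must be collected where the queries arrive, not on the resolver itself, so that any port rewriting by devices on the path is included in the result.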