Is 9.3.4-P1 OK?

Evan Hunt Evan_Hunt at isc.org
Sun Aug 3 16:39:54 UTC 2008


> Anyway, my question: Is this enough? Or do I have to upgrade (manually)
> to 9.5.0-Pn? I am talking only about dealing with the Kaminsky
> vulnerability here, not about any other great reasons there may be for
> upgrading.

This:
https://code.launchpad.net/ubuntu/feisty/+source/bind9/1:9.3.4-2ubuntu2.3

...says that Ubuntu has rolled the port randomization changes into
9.3.4 for Feisty.  So you should be okay.

BTW, I recommend https://www.dns-oarc.net/oarc/services/dnsentropy for
port randomness testing; it includes a scatter plot graphic, which can
help you spot patterns and clusters that might not be noticed otherwise.
(It alerted me to a serious problem with my NAT router's firmware, so
now I'm proselytizing.)

-- 
Evan Hunt -- evan_hunt at isc.org
Internet Systems Consortium, Inc.
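
An added example, not part of the original message and not ISC or DNS-OARC code: a small check over the source ports of a resolver's outgoing queries that flags the patterns a scatter plot makes visible (one fixed port, ports counting upward, a narrow range). The sample port lists and both thresholds are constructed assumptions; the ports should be captured where the upstream server would see them, i.e. after any NAT.

```python
import statistics

# Constructed sample data: source ports of consecutive outgoing queries,
# in arrival order, as seen after any NAT in the path.
SAMPLES = {
    "fixed": [53] * 10,
    "sequential": [1024 + i for i in range(10)],
    "narrow": [32768, 32900, 32801, 33100, 32770,
               33000, 32850, 33200, 32790, 33050],
    "spread": [51234, 1873, 40211, 28764, 60933,
               12045, 35590, 7421, 45018, 19902],
}

# Illustrative thresholds (assumptions, not taken from any tool).
SMALL_STEP = 16    # a port advance this small counts as "counting upward"
MIN_RANGE = 1024   # a min-to-max range narrower than this is flagged


def assess_ports(ports):
    """Summarise observed source ports and flag obvious patterns.

    This only catches gross failures; a clean verdict on a handful of
    samples is not evidence of good randomness.
    """
    if len(ports) < 2:
        raise ValueError("need at least two samples")
    # Difference between consecutive ports, wrapping at 16 bits.
    deltas = [(b - a) % 65536 for a, b in zip(ports, ports[1:])]
    small = sum(1 for d in deltas if 0 < d <= SMALL_STEP) / len(deltas)
    report = {
        "samples": len(ports),
        "distinct": len(set(ports)),
        "range": max(ports) - min(ports),
        "stdev": statistics.pstdev(ports),
        "small_step_fraction": small,
    }
    if report["distinct"] == 1:
        report["verdict"] = "fixed port"
    elif small >= 0.5:
        report["verdict"] = "sequential"
    elif report["range"] < MIN_RANGE:
        report["verdict"] = "narrow range"
    else:
        report["verdict"] = "no obvious pattern"
    return report


if __name__ == "__main__":
    for name, ports in SAMPLES.items():
        r = assess_ports(ports)
        print(f"{name:10s} stdev={r['stdev']:8.1f} -> {r['verdict']}")
```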

