DNS cache poisoning attacks
EL MAAYATI Afaf
afaf at anrt.ma
Tue Aug 26 09:18:11 UTC 2008
Hello,
The line " query-source address x port 53;" is already disabled;
And I'm running the new version (beta) of Bind:
#dig +short @192.168.2.3 ch version.bind txt
9.5.1b1
Best Regards,
-----Original Message-----
From: Alan Clegg [mailto:Alan_Clegg at isc.org]
Sent: Tuesday, August 26, 2008 1:12 AM
To: EL MAAYATI Afaf
Cc: bind-users at isc.org
Subject: Re: DNS cache poisoning attacks
EL MAAYATI Afaf wrote:
> Hello,
> As recommended, I've upgraded my DNS server to the version BIND 9.5.1b1 <http://www.isc.org/sw/bind/view?release=9.5.1b1> . But I still have the message indicating that my server is still vulnerable
>
> # dig @192.168.2.3 +short porttest.dns-oarc.net txt
>
> Porttest.y.x.w.v.u.t.s.r.q.p.o.n.m.l.k.j.i.h.g.f.e.d.c.b.a.pt.dns-oarc.net.
> "192.168.2.3 is POOR: 26 queries in 6.4 seconds from 1 ports with std
dev 0"
>
> Is there anything that I've missed?
Do you have a line similar to:
query-source address x port 53;
If so, change it to:
query-source address x port *;
Or get rid of it completely.
If you don't have a line like this, you may have an issue with a
firewall that "un-randomizes" your queries.
The other thing that you may want to check is if you are actually
running the correct version of named. Check using:
dig +short @192.168.2.3 version.bind ch txt
AlanC
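The two checks Alan describes, a pinned `query-source ... port 53;` directive and a porttest-style look at the source ports your resolver actually uses, as an added self-check script. This is example code written for this archive page, not code from the thread, ISC or DNS-OARC; the config snippet, the query log lines and the POOR/GOOD cut-off are constructed assumptions.

```python
"""Self-check for BIND source-port randomization (added example, not from the thread)."""
import re
import statistics

# Matches a fixed-port directive such as "query-source address x port 53;"
# (also query-source-v6). "port *" does not match, which is the desired state.
QUERY_SOURCE_RE = re.compile(
    r"(query-source(?:-v6)?\s+(?:address\s+\S+\s+)?port\s+)(\d+)(\s*;)")

def fixed_port_directives(named_conf: str) -> list[str]:
    """Return every query-source line that pins the source port."""
    return [ln.strip() for ln in named_conf.splitlines() if QUERY_SOURCE_RE.search(ln)]

def unpin_query_source(named_conf: str) -> str:
    """Rewrite 'port NN' to 'port *' so named picks a random port per query."""
    return QUERY_SOURCE_RE.sub(r"\1*\3", named_conf)

# Outbound-query summary lines "src:port -> dst:53", as a firewall log or pcap
# summary might show them. Parsing only needs the source port.
LINE_RE = re.compile(r"^\S+:(\d+)\s+->\s+\S+:53$")

def source_ports(log: str) -> list[int]:
    return [int(m.group(1)) for ln in log.splitlines() if (m := LINE_RE.match(ln.strip()))]

def port_report(ports: list[int]) -> dict:
    """Summarise like porttest: query count, distinct ports, std dev and a rating.
    The 5000 cut-off is an assumption for this example, not OARC's exact scale;
    a single port with std dev 0, as in the thread, is POOR on any scale."""
    distinct = len(set(ports))
    sd = statistics.pstdev(ports) if len(ports) > 1 else 0.0
    rating = "POOR" if distinct < 2 or sd < 5000 else "GOOD"
    return {"queries": len(ports), "ports": distinct, "std_dev": round(sd, 1), "rating": rating}

# Constructed sample inputs (not real configs or traffic).
SAMPLE_CONF = 'options {\n    directory "/var/named";\n    query-source address 192.168.2.3 port 53;\n};\n'
PINNED_LOG = "\n".join(f"192.168.2.3:53 -> 198.51.100.{i}:53" for i in range(1, 6))
RANDOM_LOG = "\n".join(f"192.168.2.3:{p} -> 198.51.100.{i}:53"
                       for i, p in enumerate([1025, 20000, 34567, 45678, 60000, 8080], 1))

if __name__ == "__main__":
    print("pinned directives:", fixed_port_directives(SAMPLE_CONF))
    print(unpin_query_source(SAMPLE_CONF))
    print("pinned resolver:", port_report(source_ports(PINNED_LOG)))
    print("random resolver:", port_report(source_ports(RANDOM_LOG)))
```

A resolver that passes the config check but still reports one port is the firewall/NAT case Alan mentions: the device rewrites the randomized ports on the way out.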