Same source port queries dropped by ServerIron load balancer
Barry Margolin
barmar at alum.mit.edu
Fri Apr 2 01:19:44 UTC 2010
In article <mailman.1048.1270148466.21153.bind-users at lists.isc.org>,
Kevin Darcy <kcd at chrysler.com> wrote:
> Re-use of source ports for DNS queries is a bad security practice. I
> cast my vote in favor of penalizing it, in the default configuration of
> any device that responds to DNS requests.
It's really not the job of a load balancer or server to force clients to
use good security practices.
I suspect this is actually a bug, but the vendor is using the security
value of it as an excuse to lower its priority.
--
Barry Margolin, barmar at alum.mit.edu
Arlington, MA
*** PLEASE don't copy me on replies, I'll read them in the group ***