Protecting bind from DNS cache poisoning!!!
Matus UHLAR - fantomas
uhlar at fantomas.sk
Mon Aug 9 12:01:16 UTC 2010
> >Allow bind to use as wide a range of port numbers as possible for UDP
> >traffic.
On 09.08.10 17:14, Shiva Raman wrote:
> Yes this is allowed in the firewall.
note that bind also should not have a "port" option in the query-source statement.
> > Make sure your firewalls don't do daft things like forcing any DNS
> >traffic to come from a limited range of source ports, or blocking large
> >UDP packets or EDNS. Allow DNS queries over TCP as well as UDP.
> Yes in firewall , both TCP and UDP DNS queries are allowed.
allowed is one part, not to have broken firewalls that inspect (and break)
DNS packets is another one.
--
Matus UHLAR - fantomas, uhlar at fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Warning: I do NOT wish to receive any advertising mail at this address.
I drive way too fast to worry about cholesterol.