Insufficient DNS Source Port Randomization
Stephane Bortzmeyer
bortzmeyer at nic.fr
Thu Jul 28 07:43:09 UTC 2011
On Thu, Jul 28, 2011 at 03:33:11PM +0800,
Pete Fong <petefong2012 at gmail.com> wrote
a message of 27 lines which said:
> I have adjusted named.conf configuration file as below :
>
> query-source address * port * ;
> query-source-v6 address * port *;
BIND randomizes properly by default. I would suggest deleting all
these lines.
> The NeXpose software still showed the same vulnerability.
Did you try to obtain an independent confirmation from a reliable
source? (I do not know this product, but I distrust private black
boxes.) I recommend:
https://www.dns-oarc.net/oarc/services/porttest
https://www.dns-oarc.net/oarc/services/dnsentropy
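
Added example (not part of the original message, and not DNS-OARC's or NeXpose's code): a rough local check of the property such port tests measure, run over the source ports observed on a resolver's outbound queries. The function names, the 3000 standard-deviation cut-off, the 80% delta share and the sample port lists are assumptions constructed for illustration.

```python
import math
from collections import Counter

# Assumption: illustrative cut-off, not the rating scale of any real service.
# Ports drawn uniformly from 1024-65535 have a standard deviation near 18600.
NARROW_STDDEV = 3000.0

def port_stats(ports):
    """Summarise source ports listed in the order the queries were seen."""
    if len(ports) < 2:
        raise ValueError("need at least two observed queries")
    mean = sum(ports) / len(ports)
    stddev = math.sqrt(sum((p - mean) ** 2 for p in ports) / len(ports))
    deltas = Counter(b - a for a, b in zip(ports, ports[1:]))
    top_delta, top_count = deltas.most_common(1)[0]
    return {
        "distinct": len(set(ports)),
        "stddev": stddev,
        "top_delta": top_delta,
        "top_delta_share": top_count / (len(ports) - 1),
    }

def classify(ports):
    """Return 'fixed', 'sequential', 'narrow' or 'ok' for a port sample."""
    s = port_stats(ports)
    if s["distinct"] == 1:
        return "fixed"        # every query left from the same port
    if s["top_delta_share"] >= 0.8:
        return "sequential"   # next port is predictable from the last one
    if s["stddev"] < NARROW_STDDEV:
        return "narrow"       # random-looking, but from a small range
    return "ok"

# Constructed samples, not captured from any real resolver.
SAMPLES = {
    "fixed": [53] * 10,
    "sequential": [32768 + i for i in range(10)],
    "narrow": [1030, 1099, 1041, 1077, 1025, 1063, 1088, 1050, 1036, 1071],
    "ok": [51234, 10873, 33901, 60122, 2048, 45777, 19003, 27650, 58211, 7342],
}

if __name__ == "__main__":
    for name, ports in SAMPLES.items():
        s = port_stats(ports)
        print(f"{name:10s} -> {classify(ports):10s} "
              f"distinct={s['distinct']} stddev={s['stddev']:.0f}")
```

Collect the ports where the queries arrive (for example at an authoritative server or on the far side of any address-translating device), since that is what a remote test sees.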
More information about the bind-users
mailing list