Insufficient DNS Source Port Randomization
Warren Kumari
warren at kumari.net
Fri Jul 29 20:02:59 UTC 2011
On Jul 28, 2011, at 3:43 AM, Stephane Bortzmeyer wrote:
> On Thu, Jul 28, 2011 at 03:33:11PM +0800,
> Pete Fong <petefong2012 at gmail.com> wrote
> a message of 27 lines which said:
>
>> I have adjusted named.conf configuration file as below :
>>
>> query-source address * port * ;
>> query-source-v6 address * port *;
>
> BIND randomizes properly by default. I would suggest deleting all
> these lines.
>
>> The NeXpose software still showed the same vulnerability.
>
> Did you try to obtain an independent confirmation from a reliable
> source? (I do not know this product, but I distrust private black
> boxes.) I recommend:
>
> https://www.dns-oarc.net/oarc/services/porttest
> https://www.dns-oarc.net/oarc/services/dnsentropy
+1.
W
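Added example, not part of the original thread and not ISC code: a small Python check that reads named.conf text and reports whether any query-source / query-source-v6 statement pins outgoing queries to a fixed UDP port, which is the setting that defeats source port randomization. The function name audit_query_source and the sample configuration are constructed for illustration; comment stripping is simplified and assumes no "#" or "//" inside quoted strings.

```python
import re

# Constructed sample named.conf fragment (not taken from the thread).
SAMPLE_CONF = """
options {
    directory "/var/named";
    // query-source address * port 53;   (commented out, must be ignored)
    query-source address * port *;
    query-source-v6 address * port 5353;
    # query-source port 1024;
    /* query-source address 192.0.2.1
       port 53; */
};
"""

# named.conf accepts C, C++ and shell style comments.
_COMMENTS = re.compile(r"/\*.*?\*/|//[^\n]*|#[^\n]*", re.S)
# One statement: keyword, then everything up to the terminating semicolon.
_STMT = re.compile(r"\b(query-source(?:-v6)?)\b([^;{}]*);")
_PORT = re.compile(r"\bport\s+(\S+)")


def audit_query_source(conf_text):
    """Return [(statement, port, verdict)] for each active query-source line.

    verdict is "random" when the port is "*" or omitted (BIND then picks a
    random source port), "fixed" when a numeric port is pinned, and
    "unparsed" for anything else.
    """
    text = _COMMENTS.sub(" ", conf_text)
    findings = []
    for match in _STMT.finditer(text):
        name, body = match.group(1), match.group(2)
        port_match = _PORT.search(body)
        port = port_match.group(1) if port_match else "*"
        if port == "*":
            verdict = "random"
        elif port.isdigit():
            verdict = "fixed"
        else:
            verdict = "unparsed"
        findings.append((name, port, verdict))
    return findings


if __name__ == "__main__":
    for name, port, verdict in audit_query_source(SAMPLE_CONF):
        print(f"{name}: port {port} -> {verdict}")
```

Run against the two lines quoted in the thread, it reports both as random, which matches the advice that they can simply be deleted.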