BIND 9.3.5-P1 random UDP src ports: some DNS responses delivered to wrong process
Florian Weimer
fw at deneb.enyo.de
Fri Jul 11 19:28:38 UTC 2008
* Mark Andrews:
> Named doesn't just call bind(0.0.0.0#0) as many systems
> don't do good random port selection. Lots of systems are
> sequential. Linux keeps handing out the same port as long
> as it is not in use then sequentially increments it.
Linux 2.6.24 assigns non-sequential ports, but not from a PRNG which
should be considered strong enough (IMHO).
> This can all be avoided if everyone signs their zones.
>
> http://www.isc.org/sw/bind/docs/DNSSEC_in_6_minutes.pdf
I think part of our problem is that a presentation titled "DNSSEC in 6
minutes" consists of 77 slides. 8-)
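As an added example that is not from this thread or from BIND's source, the Python script below does two things the exchange above talks about: it samples what the kernel's own allocator hands out for a UDP `bind(host, 0)` and scores how sequential those picks are, and it shows the alternative of choosing the source port yourself from a CSPRNG and retrying on collision instead of trusting the OS. The loopback address, the 1024-65535 range, the retry count and all helper names are my choices, not anything named itself uses.

```python
import errno
import secrets
import socket

LOOPBACK = "127.0.0.1"          # assumption: sampling on loopback is enough to see the allocator
csprng_randbelow = secrets.randbelow


def new_udp_socket():
    return socket.socket(socket.AF_INET, socket.SOCK_DGRAM)


def kernel_ephemeral_ports(count, host=LOOPBACK):
    """Ask the kernel for `count` UDP source ports by binding to port 0.

    All sockets stay open until every port has been allocated, so the kernel
    cannot hand the same port back; the returned list is what bind(0) gives.
    """
    socks = []
    try:
        for _ in range(count):
            s = new_udp_socket()
            s.bind((host, 0))
            socks.append(s)
        return [s.getsockname()[1] for s in socks]
    finally:
        for s in socks:
            s.close()


def sequential_fraction(ports):
    """Share of consecutive allocations that are exactly previous + 1.

    Near 1.0 the allocator is sequential and the next port is trivially
    guessable; near 0.0 consecutive picks are not obviously related.
    (A low value does not prove the generator is strong.)
    """
    if len(ports) < 2:
        return 0.0
    steps = sum(1 for a, b in zip(ports, ports[1:]) if b - a == 1)
    return steps / (len(ports) - 1)


def bind_random_port(sock, host=LOOPBACK, low=1024, high=65535,
                     attempts=64, randbelow=csprng_randbelow):
    """Bind `sock` to a port drawn uniformly from [low, high] by a CSPRNG,
    instead of letting the kernel choose. A port that is already in use
    (EADDRINUSE) or privileged (EACCES) is simply redrawn. Returns the port.
    """
    span = high - low + 1
    for _ in range(attempts):
        port = low + randbelow(span)
        try:
            sock.bind((host, port))
            return port
        except OSError as e:
            if e.errno in (errno.EADDRINUSE, errno.EACCES):
                continue
            raise
    raise OSError("no free port in %d-%d after %d attempts" % (low, high, attempts))


if __name__ == "__main__":
    sample = kernel_ephemeral_ports(64)
    print("kernel-chosen ports:", sample[:8], "...")
    print("sequential fraction: %.2f" % sequential_fraction(sample))
    s = new_udp_socket()
    try:
        print("CSPRNG-chosen port:", bind_random_port(s))
    finally:
        s.close()
```

Run it on the system you care about and look at the first line before the score: a run of neighbouring numbers is the sequential behaviour Mark describes, while a spread that looks random still says nothing about the quality of the generator behind it, which is Florian's point about 2.6.24.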