> Anyway, my question: Is this enough? Or do I have to upgrade (manually) > to 9.5.0-Pn? I am talking only about dealing with the Kaminsky > vulnerability here, not about any other great reasons there may be for > upgrading.
This: https://code.launchpad.net/ubuntu/feisty/+source/bind9/1:9.3.4-2ubuntu2.3 ...says that Ubuntu has rolled the port randomization changes into 9.3.4 for Feisty. So you should be okay. BTW, I recommend https://www.dns-oarc.net/oarc/services/dnsentropy for port randomness testing; it includes a scatter plot graphic, which can help you spot patterns and clusters that might not be noticed otherwise. (It alerted me to a serious problem with my NAT router's firmware, so now I'm proselytizing.) -- Evan Hunt -- [EMAIL PROTECTED] Internet Systems Consortium, Inc.
