That's a very interesting question because I'm pretty much on the same boat. I just upgraded to bind-9.5.0-P2 and was looking for a good tool that will show me if this version really fixes the DNS cache poisoning issue. I found the following tool which I believe is pretty good but it probably does more check than just the DNS cache poisoning... Go here and under Testing and Reporting Tools, run the DNS Vulnerability Testing Tool => Test Now. http://www.infoblox.com/library/dns-security-center.cfm#2 I'm getting POOR for the Source Port randomness and GREAT for the transaction ID randomness. Is that expected? Does the source port randomness has something to do with the way named.conf is setup? Also, another test from the command line is showing a POOR result? Refer to the following link for more info about the command line test: https://www.dns-oarc.net/oarc/services/porttest # dig @hpadm2 +short porttest.dns-oarc.net TXT porttest.y.x.w.v.u.t.s.r.q.p.o.n.m.l.k.j.i.h.g.f.e.d.c.b.a.pt.dns-oarc.n et. "12.109.107.60 is POOR: 26 queries in 2.1 seconds from 1 ports with std dev 0" Anybody has an idea? Thanks Latif -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Andrey G. Sergeev (AKA Andris) Sent: Monday, August 18, 2008 4:51 PM To: [email protected] Subject: Re: Bind-9.5.0-P2 testing Hello Gregory, Mon, 11 Aug 2008 20:29:21 -0700 (PDT) Gregory Hicks wrote: > I've updated my servers to 9.5.0-P2 and would like to load > test them. > > Does anyone have any reccomendations on how to do this? I suggest you to use the dnsperf and resperf tools: http://www.nominum.com/services/measurement_tools.php The Nominum site has a PDF document describing the method on measuring performance of caching servers. You might also want to take a look at this methodic: http://new.isc.org/proj/dnsperf/ISC-TN-2008-1.html -- Yours sincerely, Andrey G. Sergeev (AKA Andris) http://www.andris.name/
-- NOTICE -- The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material, the disclosure of which is governed by applicable law. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited. If you received this in error please contact the sender and destroy the materials contained in this message.
