No, my server is recursive and it's not configured as a Forwarder. But, as my server is behind a (PAT) system, I guess that's the reason why the source port randomization, implemented within the Patch (or the new version of Bind), is ignored.
-----Original Message-----
From: Vinny Abello [mailto:[EMAIL PROTECTED]
Sent: Tuesday, August 26, 2008 1:22 PM
To: EL MAAYATI Afaf
Cc: Alan Clegg; [email protected]
Subject: Re: DNS cache poisoning attacks

Are you forwarding recursive requests to another server that is vulnerable?

On Aug 26, 2008, at 8:23 AM, "EL MAAYATI Afaf" <[EMAIL PROTECTED]> wrote:

> Hello,
> The line "query-source address x port 53;" is already disabled;
> And I'm running the new version (beta) of Bind:
> #dig +short @192.168.2.3 ch version.bind txt
> 9.5.1b1
>
> Best Regards,
>
> -----Original Message-----
> From: Alan Clegg [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, August 26, 2008 1:12 AM
> To: EL MAAYATI Afaf
> Cc: [email protected]
> Subject: Re: DNS cache poisoning attacks
>
> EL MAAYATI Afaf wrote:
>> Hello,
>> As recommended, I've upgraded my DNS server to the version BIND 9.5.1b1 <http://www.isc.org/sw/bind/view?release=9.5.1b1>. But I still have the message indicating that my server is still vulnerable
>>
>> # dig @192.168.2.3 +short porttest.dns-oarc.net txt
>> Porttest.y.x.w.v.u.t.s.r.q.p.o.n.m.l.k.j.i.h.g.f.e.d.c.b.a.pt.dns-oarc.net.
>> "192.168.2.3 is POOR: 26 queries in 6.4 seconds from 1 ports with std dev 0"
>>
>> Is there anything that I've missed?
>
> Do you have a line similar to:
>
> query-source address x port 53;
>
> If so, change it to:
>
> query-source address x port *;
>
> Or get rid of it completely.
>
> If you don't have a line like this, you may have an issue with a firewall that "un-randomizes" your queries.
>
> The other thing that you may want to check is if you are actually running the correct version of named. Check using:
>
> dig +short @192.168.2.3 version.bind ch txt
>
> AlanC
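The two causes discussed in this thread, a `query-source` directive that pins the port and a PAT device that rewrites every outbound source port to one value, can both be checked offline. The following is an added example, not code from the thread or from BIND; the named.conf fragments and port samples are constructed, and the POOR/FAIR/GOOD thresholds are assumptions rather than DNS-OARC's exact porttest rules.

```python
"""Check a named.conf fragment for a pinned query-source port, and summarize an
observed source-port sample the way porttest does (queries, distinct ports, std dev)."""
import re
import statistics

# Matches the directive from the thread: query-source [address X] port (N|*);
QUERY_SOURCE_RE = re.compile(
    r'^\s*query-source(?:-v6)?\s+(?:address\s+\S+\s+)?port\s+(\S+?)\s*;', re.MULTILINE)


def pinned_query_source_ports(conf_text):
    """Return ports that query-source directives fix; '*' means randomized and is ignored."""
    return [p for p in QUERY_SOURCE_RE.findall(conf_text) if p != '*']


def port_spread(ports):
    """(number of queries, number of distinct ports, population std dev) of a port sample."""
    std_dev = statistics.pstdev(ports) if ports else 0.0
    return len(ports), len(set(ports)), std_dev


def verdict(ports):
    """Assumed thresholds (not DNS-OARC's): a single port or a tiny spread is POOR."""
    _, distinct, std_dev = port_spread(ports)
    if distinct == 1 or std_dev < 1000:
        return 'POOR'
    return 'FAIR' if std_dev < 10000 else 'GOOD'


def through_pat(ports, single_port=53):
    """Model a PAT device that rewrites every outbound UDP source port to one value."""
    return [single_port for _ in ports]


if __name__ == '__main__':
    # Constructed config fragments, not taken from the thread.
    conf_pinned = 'options {\n    query-source address 192.168.2.3 port 53;\n};\n'
    conf_random = 'options {\n    query-source address 192.168.2.3 port *;\n};\n'
    print('pinned:', pinned_query_source_ports(conf_pinned))   # ['53']
    print('pinned:', pinned_query_source_ports(conf_random))   # []

    # Constructed sample of randomized ephemeral ports, then the same sample after PAT.
    randomized = [1025, 5000, 12345, 20000, 33333, 40404, 50000, 60000, 65000, 2222, 7777, 15000]
    print(verdict(randomized), port_spread(randomized))
    print(verdict(through_pat(randomized)), port_spread(through_pat(randomized)))
```

With the PAT model applied, the output collapses to one distinct port with std dev 0, which is exactly the shape of the "from 1 ports with std dev 0" result quoted in the thread.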
