* John Elliot:
> Hi, We have a couple of Sarge servers running bind9 (9.2.4-1sarge3)
> that appear to be vulnerable to the DNS cache poisoning issue (Looks
> like port randomization was only introduced in bind9.3?) - As the
> servers cannot be upgraded at this time to etch, what is the
> recommended course of action? Backports and upgrade to 9.3?

Install one or more etch boxes, put BIND 9 onto it, and configure the sarge machines to use them as forwarders. This is sufficient if the network between them is trusted. You could also forward requests to your ISP's resolvers (subject to the same constraint).

I could provide you with an untested 9.3 backport for sarge (or you could compile one yourself).
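
The forwarding setup described in the reply, as an added example that is not part of the original message: a `named.conf` options fragment for the sarge machines. The addresses 192.0.2.53 and 192.0.2.54 are placeholders standing in for the etch resolvers (an assumption, not values from the thread), and `forward only` is included because BIND's default, `forward first`, falls back to doing its own recursion when the forwarders do not answer.

```conf
// named.conf on each sarge machine (BIND 9.2.x) -- added example
options {
    // Placeholder addresses (documentation range) for the etch boxes
    // running the newer BIND 9; replace with the real resolver addresses.
    forwarders {
        192.0.2.53;
        192.0.2.54;
    };

    // Send every recursive query to the forwarders and never iterate
    // from this host. With the default "forward first", this server
    // would query authoritative servers itself if the forwarders timed
    // out, which is the behaviour the forwarding setup is meant to avoid.
    forward only;
};
```

Queries from the sarge machines to the forwarders still leave from the old resolver, which is why the reply limits this to a trusted network between them.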

