On Sun, 2008-07-20 at 14:04, Florian Weimer wrote:
> * John Elliot:
>
> > Hi, We have a couple of Sarge servers running bind9(9.2.4-1sarge3)
> > that appear to be vulnerable to the DNS cache poisoning issue(Looks
> > like port randomization was only introduced in bind9.3?) - As the
> > servers cannot be upgraded at this time to etch, what is the
> > recommended course of action? Backports and upgrade to 9.3?
>
> Install one or more etch boxes, put BIND 9 onto it, and configure the
> sarge machines to use them as forwarders. This is sufficient if the
> network between them is trusted. You could also forward requests to
> your ISP's resolvers (subject to the same constraint).

A simpler and more secure (and easier) solution is the installation of djbdns.
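
The forwarder setup suggested in the quoted reply only protects the old resolver if it never falls back to querying the Internet itself, which is what BIND's default `forward first` mode does when the forwarders fail. The following is an added example, not part of the original thread or of BIND: a small Python audit of a `named.conf` options block, where the function name is hypothetical and the sample configurations and 192.0.2.x addresses are constructed placeholders.

```python
import re

# Constructed sample configs; 192.0.2.x are documentation placeholder addresses
# standing in for the patched forwarders on the trusted network.
WEAK = """
options {
    directory "/var/cache/bind";
    query-source address * port 53;   // pinned source port
    forwarders { 192.0.2.10; 192.0.2.11; };
    forward first;
};
"""
HARDENED = """
options {
    directory "/var/cache/bind";
    forwarders { 192.0.2.10; 192.0.2.11; };
    forward only;
};
"""

def strip_comments(text):
    """Drop /* */, // and # comments so they cannot hide or fake a setting."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#).*", "", text)

def audit_forwarding(conf):
    """Return findings for the first forwarders/forward statements in conf."""
    conf = strip_comments(conf)
    findings = []
    fwd = re.search(r"\bforwarders\s*\{([^}]*)\}", conf)
    addrs = [a.strip() for a in fwd.group(1).split(";") if a.strip()] if fwd else []
    if not addrs:
        findings.append("no forwarders: resolver sends its own upstream queries")
    mode = re.search(r"\bforward\s+(only|first)\s*;", conf)
    # BIND defaults to "forward first" when no mode is given.
    if addrs and (mode is None or mode.group(1) == "first"):
        findings.append("forward first: falls back to direct queries if forwarders fail")
    # A numeric port in query-source fixes the UDP source port of outgoing queries.
    if re.search(r"\bquery-source\b[^;]*\bport\s+\d+", conf):
        findings.append("query-source pins a fixed source port")
    return findings

if __name__ == "__main__":
    for name, conf in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit_forwarding(conf) or "ok")
```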

