* Stephen Vaughan: > Does anyone know if TinyDNS is vulnerable to the dns cache poisoning > exploit? I run tinydns servers, I ran the test below and it came back as > POOR.
tinydns as in djbdns? dnscache (the iterative resolver component of djbdns) uses source port randomization, so no code changes are required. > mh1:~# dig +short @ns1.example.com porttest.dns-oarc.net TXT > z.y.x.w.v.u.t.s.r.q.p.o.n.m.l.k.j.i.h.g.f.e.d.c.b.a.pt.dns-oarc.net. > "1.2.3.4 is POOR: 26 queries in 4.4 seconds from 1 ports with std dev 0.00" This should not happen with dnscache. Perhaps you're behind a not-so-transparent DNS proxy, and you're actually testing your ISP's resolver? -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
