I was querying my tinydns remotely which was using bind locally. When I ran the dig command on the box itself (which uses the local dnscache) it didn't return anything.
So looks like it's all clear..

On Wed, Jul 30, 2008 at 3:06 PM, Florian Weimer <[EMAIL PROTECTED]> wrote:

> * Stephen Vaughan:
>
> > Does anyone know if TinyDNS is vulnerable to the dns cache poisoning
> > exploit? I run tinydns servers, I ran the test below and it came back as
> > POOR.
>
> tinydns as in djbdns? dnscache (the iterative resolver component of
> djbdns) uses source port randomization, so no code changes are required.
>
> > mh1:~# dig +short @ns1.example.com porttest.dns-oarc.net TXT
> > z.y.x.w.v.u.t.s.r.q.p.o.n.m.l.k.j.i.h.g.f.e.d.c.b.a.pt.dns-oarc.net.
> > "1.2.3.4 is POOR: 26 queries in 4.4 seconds from 1 ports with std dev 0.00"
>
> This should not happen with dnscache. Perhaps you're behind a
> not-so-transparent DNS proxy, and you're actually testing your ISP's
> resolver?

--
Best Regards,
Stephen
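The thread turns on which resolver the porttest result actually describes. As an added example (not part of the thread, and not code from djbdns or DNS-OARC), this Python sketch parses the TXT answer in the format quoted above and flags a mismatch between the tested address and your own resolver, plus single-port behaviour. The function names and the resolver address 192.0.2.53 are assumptions made for illustration.

```python
import ipaddress
import re

# TXT answer format as quoted in the thread above.
PORTTEST_RE = re.compile(
    r'^"?(?P<ip>[0-9A-Fa-f:.]+) is (?P<rating>[A-Z]+): (?P<queries>\d+) queries '
    r'in (?P<seconds>[\d.]+) seconds from (?P<ports>\d+) ports '
    r'with std dev (?P<stddev>[\d.]+)"?$'
)

# dig +short output from the thread (CNAME line, then the TXT answer).
SAMPLE = '''z.y.x.w.v.u.t.s.r.q.p.o.n.m.l.k.j.i.h.g.f.e.d.c.b.a.pt.dns-oarc.net.
"1.2.3.4 is POOR: 26 queries in 4.4 seconds from 1 ports with std dev 0.00"'''


def parse_porttest(dig_output):
    """Return the fields of the first porttest TXT answer in dig's output."""
    for line in dig_output.splitlines():
        m = PORTTEST_RE.match(line.strip())
        if m:
            return {
                "ip": ipaddress.ip_address(m["ip"]),
                "rating": m["rating"],
                "queries": int(m["queries"]),
                "seconds": float(m["seconds"]),
                "ports": int(m["ports"]),
                "stddev": float(m["stddev"]),
            }
    raise ValueError("no porttest TXT answer found")


def assess(dig_output, expected_resolver_ips):
    """Parse the result and list what a defender should follow up on."""
    result = parse_porttest(dig_output)
    expected = {ipaddress.ip_address(ip) for ip in expected_resolver_ips}
    findings = []
    if result["ip"] not in expected:
        findings.append(
            f"{result['ip']} sent the test queries, not one of your resolvers: "
            "the rating describes a proxy, forwarder or ISP resolver in the path")
    if result["queries"] > 1 and result["ports"] == 1:
        findings.append(
            f"{result['ip']} used one source port for all {result['queries']} queries")
    return result, findings


if __name__ == "__main__":
    # 192.0.2.53 is a constructed placeholder for your resolver's egress address.
    result, findings = assess(SAMPLE, ["192.0.2.53"])
    print(result["rating"], *findings, sep="\n")
```

Pass the egress addresses of the resolvers you operate as `expected_resolver_ips`; an empty findings list means the answer came from your own resolver and it used more than one source port.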

