Tim Daneliuk wrote:
Is there an expected date when the latest version of bind9 (that fixes
the recently discussed DNS vulnerability) will be merged into the 6.3-STABLE tree. I patch and update fairly regularly and
bind -v gives me: BIND 9.3.5-P1   I believe the patched version
is something like 9.5.0-P?...

TIA,

Patches against the Kaminsky attack were released for all of the
supported BIND branches.  9.3.5-P1 is a patched version.  You can verify
that your bind is patched by using the dns oarc tester:

  https://www.dns-oarc.net/oarc/services/dnsentropy

or manually by:

  dig +short porttest.dns-oarc.net TXT

If it reports 'poor' you still need to fix your server.  Beware of NAT
gateways which can reduce the randomness with which source ports are
used in passing.

        Cheers,

Matthew
--
Dr Matthew J Seaman MA, D.Phil.                   7 Priory Courtyard
                                                 Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey     Ramsgate
                                                 Kent, CT11 9PW

Attachment: signature.asc
Description: OpenPGP digital signature

Reply via email to