Thanks a lot John, I have removed it. It was just to configure a firewall issue for the incoming packet.
Regards
Saif

-----Original Message-----
From: John Kristoff [mailto:[email protected]]
Sent: Tuesday, May 22, 2012 6:34 PM
To: Saif Ahmed
Cc: [email protected]
Subject: Re: [menog] FW: DNS behind firewall

On Sun, 20 May 2012 18:10:15 +0400
"Saif Ahmed" <[email protected]> wrote:

> query-source address * port 53;

You may wish to reconsider that configuration statement if at all possible. Fixing the query port at 53 may make it easy to define a simple packet filter rule, but it also further reduces the already limited number of unknown bits needed to successfully spoof a response in a Kaminsky-style cache poison attack.

John
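A configuration check for the statement discussed in this thread, added here as an example and not part of the original messages: it scans named.conf text for `query-source` statements that pin the source port and reports how many unknown bits (transaction ID plus source port) remain for an off-path spoofer to guess. The function names, the sample file, and the pool size of 64512 ports are assumptions made for illustration.

```python
import math
import re

# BIND "query-source" / "query-source-v6" statements, one per line.
QUERY_SOURCE = re.compile(r"^\s*(query-source(?:-v6)?)\b([^;]*);", re.MULTILINE)
PORT = re.compile(r"\bport\s+(\*|\d+)")
TXID_BITS = 16  # width of the DNS transaction ID


def strip_comments(text):
    """Drop /* */, // and # comments so commented-out statements are ignored."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.DOTALL)
    return re.sub(r"(//|#).*", "", text)


def audit(conf_text, ephemeral_ports=64512):
    """Return one finding per query-source statement.

    ephemeral_ports is an assumed pool (1024-65535) for a resolver that
    randomizes its source port; the real pool depends on the deployment.
    """
    findings = []
    for m in QUERY_SOURCE.finditer(strip_comments(conf_text)):
        port = PORT.search(m.group(2))
        fixed = bool(port) and port.group(1) != "*"
        bits = TXID_BITS if fixed else TXID_BITS + math.log2(ephemeral_ports)
        findings.append({
            "statement": m.group(1),
            "port": port.group(1) if port else None,
            "fixed_port": fixed,
            "unknown_bits": round(bits, 1),
        })
    return findings


# Constructed sample configuration, not taken from the thread.
SAMPLE_CONF = """
options {
    directory "/var/named";
    query-source address * port 53;      // pinned for the firewall rule
    // query-source-v6 address * port 53;
    query-source-v6 address *;
};
"""

if __name__ == "__main__":
    for f in audit(SAMPLE_CONF):
        status = "FIXED PORT" if f["fixed_port"] else "randomized"
        print(f'{f["statement"]}: port={f["port"]} {status}, '
              f'~{f["unknown_bits"]} unknown bits')
```

A stateful firewall rule that permits replies to the resolver's outbound queries removes the need to pin the port in the first place.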
