On Tue, May 31, 2016 at 10:45:24PM +0200, Martin Pitt wrote:
> resolved, which you can probably do in the order of a minute. It does
> not use source port randomization though, which would lift the average
> time to the magnitude of a month.

I'm concerned what this says about the maturity of the project: djbdns introduced source port randomization back in 1999. PowerDNS has had source port randomization for a decade now. Everybody else added this feature in 2008 when it got some Big Press:

https://dankaminsky.com/2008/07/24/details/
https://en.wikipedia.org/wiki/Dan_Kaminsky#Flaw_in_DNS
http://www.unixwiz.net/techtips/iguide-kaminsky-dns-vuln.html
http://www.linuxjournal.com/content/understanding-kaminskys-dns-bug
https://www.ietf.org/mail-archive/web/dnsop/current/pdf2jgx6rzxN4.pdf
https://www.iana.org/about/presentations/davies-viareggio-entropyvuln-081002.pdf
http://www.darkreading.com/vulnerabilities-and-threats/dan-kaminsky-reveals-dns-flaw-at-black-hat/d/d-id/1070756
https://kb.isc.org/article/AA-00924/0/CVE-2008-1447%3A-DNS-Cache-Poisoning-Issue-Kaminsky-bug.html

Source port randomization is a basic requirement these days.

Thanks
--
ubuntu-devel mailing list
ubuntu-devel@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel