Similarly the 9.3.4-P1 for RHEL5 was backported and tests "great".
-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Evan Hunt Sent: Sunday, August 03, 2008 12:40 PM To: Karl Auer Cc: BIND users Subject: Re: Is 9.3.4-P1 OK? > Anyway, my question: Is this enough? Or do I have to upgrade (manually) > to 9.5.0-Pn? I am talking only about dealing with the Kaminsky > vulnerability here, not about any other great reasons there may be for > upgrading. This: https://code.launchpad.net/ubuntu/feisty/+source/bind9/1:9.3.4-2ubuntu2. 3 ...says that Ubuntu has rolled the port randomization changes into 9.3.4 for Feisty. So you should be okay. BTW, I recommend https://www.dns-oarc.net/oarc/services/dnsentropy for port randomness testing; it includes a scatter plot graphic, which can help you spot patterns and clusters that might not be noticed otherwise. (It alerted me to a serious problem with my NAT router's firmware, so now I'm proselytizing.) -- Evan Hunt -- [EMAIL PROTECTED] Internet Systems Consortium, Inc. ---------------------------------- CONFIDENTIALITY NOTICE: This e-mail may contain privileged or confidential information and is for the sole use of the intended recipient(s). If you are not the intended recipient, any disclosure, copying, distribution, or use of the contents of this information is prohibited and may be unlawful. If you have received this electronic transmission in error, please reply immediately to the sender that you have received the message in error, and delete it. Thank you. ----------------------------------
