Which O/S do you have???

ejaz

----- Original Message -----
From: "EL MAAYATI Afaf" <[EMAIL PROTECTED]>
To: "Alan Clegg" <[EMAIL PROTECTED]>
Cc: <[email protected]>
Sent: Tuesday, August 26, 2008 12:18 PM
Subject: RE: DNS cache poisoning attacks
Hello,

The line "query-source address x port 53;" is already disabled, and I'm running the new version (beta) of BIND:

# dig +short @192.168.2.3 ch version.bind txt
9.5.1b1

Best Regards,

-----Original Message-----
From: Alan Clegg [mailto:[EMAIL PROTECTED]
Sent: Tuesday, August 26, 2008 1:12 AM
To: EL MAAYATI Afaf
Cc: [email protected]
Subject: Re: DNS cache poisoning attacks

EL MAAYATI Afaf wrote:
> Hello,
> As recommended, I've upgraded my DNS server to the version BIND 9.5.1b1
> <http://www.isc.org/sw/bind/view?release=9.5.1b1>. But I still have the
> message indicating that my server is still vulnerable
>
> # dig @192.168.2.3 +short porttest.dns-oarc.net txt
> Porttest.y.x.w.v.u.t.s.r.q.p.o.n.m.l.k.j.i.h.g.f.e.d.c.b.a.pt.dns-oarc.net.
> "192.168.2.3 is POOR: 26 queries in 6.4 seconds from 1 ports with std dev 0"
>
> Is there anything that I've missed?

Do you have a line similar to:

  query-source address x port 53;

If so, change it to:

  query-source address x port *;

Or get rid of it completely.

If you don't have a line like this, you may have an issue with a firewall that "un-randomizes" your queries.

The other thing that you may want to check is if you are actually running the correct version of named. Check using:

  dig +short @192.168.2.3 version.bind ch txt

AlanC
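An added example, not from any of the messages above: the porttest answer quoted in the thread ("26 queries ... from 1 ports with std dev 0") is just a count of distinct source ports and their spread. The script below parses that TXT answer and also computes the same statistics from a list of source ports you have observed yourself (for instance pulled from a firewall log on the resolver's outside, which is where a NAT would "un-randomize" them). The port samples are constructed, the rating thresholds are my own assumptions rather than DNS-OARC's cut-offs, and population standard deviation is assumed.

```python
import re
import statistics

# Constructed samples of query source ports as a firewall log or packet
# capture would show them. The first mimics the thread's "1 ports with
# std dev 0" result (everything from port 53); the second mimics a resolver
# choosing a random ephemeral port per query.
FIXED_PORT_SAMPLE = [53] * 26
RANDOM_PORT_SAMPLE = [34817, 51200, 1025, 60002, 45781, 7803, 58122, 22481,
                      39950, 12607, 49999, 3341, 61443, 28876, 17502, 55011]

# Assumed thresholds for the rating (not the exact cut-offs porttest uses).
MIN_DISTINCT_PORTS = 8
MIN_STDDEV = 1000.0


def rate_source_ports(ports):
    """Summarise observed source ports the way the porttest answer does."""
    if not ports:
        raise ValueError("no ports observed")
    distinct = len(set(ports))
    # Population std dev assumed; a single fixed port always yields 0.
    stddev = statistics.pstdev(ports) if len(ports) > 1 else 0.0
    rating = "POOR"
    if distinct >= MIN_DISTINCT_PORTS and stddev >= MIN_STDDEV:
        rating = "GOOD"
    return {"queries": len(ports), "ports": distinct,
            "stddev": round(stddev, 1), "rating": rating}


# Matches the TXT record format shown in the thread, with or without quotes.
PORTTEST_RE = re.compile(
    r'"?(?P<ip>[\d.]+) is (?P<rating>\w+): (?P<queries>\d+) queries in '
    r'(?P<secs>[\d.]+) seconds from (?P<ports>\d+) ports with std dev '
    r'(?P<stddev>[\d.]+)"?')


def parse_porttest(txt):
    """Parse the porttest.dns-oarc.net TXT answer into a dict of fields."""
    m = PORTTEST_RE.search(txt)
    if not m:
        raise ValueError("unrecognised porttest answer: %r" % txt)
    d = m.groupdict()
    return {"ip": d["ip"], "rating": d["rating"], "queries": int(d["queries"]),
            "seconds": float(d["secs"]), "ports": int(d["ports"]),
            "stddev": float(d["stddev"])}


if __name__ == "__main__":
    print(rate_source_ports(FIXED_PORT_SAMPLE))
    print(rate_source_ports(RANDOM_PORT_SAMPLE))
    print(parse_porttest('"192.168.2.3 is POOR: 26 queries in 6.4 seconds '
                         'from 1 ports with std dev 0"'))
```

If your own log sample rates POOR while named has no fixed query-source port, the device in front of the resolver is the next thing to look at.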
