Trey Valenta wrote:
> On Tue, Aug 26, 2008 at 09:18:11AM -0000, EL MAAYATI Afaf wrote:
>
>> The line " query-source address x port 53;" is already disabled;
>>
>
> # dig @192.168.2.3 +short porttest.dns-oarc.net txt
>
>> Porttest.y.x.w.v.u.t.s.r.q.p.o.n.m.l.k.j.i.h.g.f.e.d.c.b.a.pt.dns-oarc.net.
>>
>>> "192.168.2.3 is POOR: 26 queries in 6.4 seconds from 1 ports with std dev 0"
>>
>
> Did you modify the IP addresses in your post, or is this _really_ the
> string returned by your query? If you're getting a response with
> "192.168.2.3 is POOR", then I presume you have a firewall that's doing
> all sorts of rewriting the DNS packets. My initial guess is that
> whatever device you use to NAT or PAT the DNS server is the culprit.
>

Good point. The entropy tester should never be seeing the 192.168.x.x address.

On the other hand, I doubt any firewall/NA(P)T would recognize within, and rewrite on the fly, the textual representation of an IP address within a TXT record. The value of doing so is very low, and the risk of false positives is significant. So, I tend to think the original poster modified the output so as not to identify the public address of his/her resolver.

- Kevin
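The two checks discussed in this thread, as an added example that is not part of the original messages: it parses a porttest TXT result of the shape quoted above and flags a reported source in RFC 1918 space and a result where every query left from one source port. The function name `check_porttest` and the second sample line are constructed for illustration.

```python
import ipaddress
import re

# Shape of the TXT answer quoted in the thread:
# "<addr> is <RATING>: <n> queries in <secs> seconds from <m> ports with std dev <sd>"
RESULT_RE = re.compile(
    r'^"?(?P<addr>\S+) is (?P<rating>[A-Z]+): (?P<queries>\d+) queries in '
    r'(?P<seconds>[\d.]+) seconds from (?P<ports>\d+) ports with std dev '
    r'(?P<stddev>[\d.]+)"?$'
)

# RFC 1918 ranges: a tester on the public Internet cannot see these as a source.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def check_porttest(txt):
    """Parse one porttest result line and return its fields plus findings."""
    m = RESULT_RE.match(txt.strip())
    if m is None:
        raise ValueError("not a porttest result line")
    addr = ipaddress.ip_address(m["addr"])  # raises ValueError if malformed
    queries, ports = int(m["queries"]), int(m["ports"])
    findings = []
    if any(addr in net for net in RFC1918):
        findings.append(f"{addr} is RFC 1918 space, which the remote tester "
                        "cannot observe: output edited or altered in transit")
    if queries > 1 and ports == 1:
        findings.append(f"{queries} queries from 1 source port: "
                        "no source-port randomization seen by the tester")
    return {"addr": str(addr), "rating": m["rating"], "queries": queries,
            "ports": ports, "stddev": float(m["stddev"]), "findings": findings}

# Result string as posted in the thread.
THREAD_SAMPLE = ('"192.168.2.3 is POOR: 26 queries in 6.4 seconds '
                 'from 1 ports with std dev 0"')
# Constructed sample (documentation address, made-up figures).
CONSTRUCTED_SAMPLE = ('"203.0.113.7 is GREAT: 26 queries in 4.0 seconds '
                      'from 26 ports with std dev 17685.51"')

if __name__ == "__main__":
    for line in (THREAD_SAMPLE, CONSTRUCTED_SAMPLE):
        result = check_porttest(line)
        print(result["addr"], result["rating"], result["findings"])
```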
