Chris Henderson wrote:
> I'm trying to implement some basic counter-measures against the
> Kaminsky bug. I have had to configure my switch to allow any incoming
> query to TCP and UDP port 53 on my slave DNS server. I was wondering
> if this is going to cause any problem as far as security is concerned.
>
> Bind version 9.4.1 running in chroot jail.

Upgrade to 9.5.1 or better and randomize your query source port numbers.
There are no other "basic counter-measures" for servers doing recursion.

AlanC
_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
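
A configuration check related to the reply above, as an added example that is not part of the original thread or of BIND's own tooling: it scans named.conf text for `query-source` statements that pin a fixed port, which keeps every outgoing query on one source port instead of a randomized one. The sample configuration and the function name `fixed_query_source_ports` are constructed for illustration.

```python
import re

# Constructed sample named.conf fragment (not taken from the thread).
SAMPLE_CONF = """
options {
    directory "/var/named";
    // pinned: every outgoing IPv4 query leaves from UDP port 53
    query-source address * port 53;
    query-source-v6 address * port *;
    recursion yes;
};
"""

# Remove /* */, // and # comments so commented-out directives are ignored.
# Assumption: no quoted string in the file contains a comment marker.
_COMMENTS = re.compile(r"/\*.*?\*/|//[^\n]*|#[^\n]*", re.S)

# Matches: query-source[-v6] [address <addr>] [port <port>];
_DIRECTIVE = re.compile(r"\b(query-source(?:-v6)?)\b([^;]*);")
_PORT = re.compile(r"\bport\s+(\S+)")


def fixed_query_source_ports(conf_text):
    """Return [(directive, port)] for query-source statements with a fixed port.

    'port *' or no port clause leaves the source port up to named, so only
    numeric ports are reported.
    """
    text = _COMMENTS.sub("", conf_text)
    findings = []
    for name, args in _DIRECTIVE.findall(text):
        match = _PORT.search(args)
        if match and match.group(1).isdigit():
            findings.append((name, int(match.group(1))))
    return findings


if __name__ == "__main__":
    for directive, port in fixed_query_source_ports(SAMPLE_CONF):
        print(f"{directive} pins outgoing queries to source port {port}")
```
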