sysucl wrote:
> Hello everyone,
>
> My LAN is behind an endian firewall box (v.1.1). I upgraded my local DNS
> servers (bind9) to prevent DNS cache poisoning.
> My local DNS are configured to forward to OpenDNS servers for the "outside"
> servers.
>
> When I perform a test (e.g. on doxpara website), it seems that I'm still
> vulnerable.
> I browsed this forum and upgraded dnsmasq to version 2.43, but it doesn't
> seem to fix my problem.
> It seems that the EFW box cancels the benefit of random udp source ports on
> the bind9 servers.
>
> Can anyone help me with this issue?
> Thanks
>
> ps: I can upgrade to a newer version of EFW if necessary, but I want to be
> sure this will solve the problem, since it involves interrupting internet
> access for some time.
I double checked the DNSmasq upgraded EFW I have deployed and did my local
patched server and the results from Doxpara come back the same. It says it
appears to be fine but to check this list and then shows some port numbers
[which do not seem to change by the way.]

Another test is to use dns-oarc.net:

    dig +short porttest.dns-oarc.net TXT

In Windows you can use nslookup:

    > nslookup
    > set type=txt
    > porttest.dns-oarc.net

As far as I can tell the new version of DNSmasq does help, but remember that
it has to ask an upstream DNS server and word is that lots of ISPs have
failed to do the upgrade.

-Mike

_______________________________________________
Efw-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/efw-user
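The external port tests above only report what the upstream server sees; to find out locally whether the firewall's NAT is rewriting the resolver's randomised source ports, an admin can capture the outbound UDP/53 queries on the WAN side with tcpdump and look at the source ports directly. The script below is an added example (not from this thread, and not part of EFW, dnsmasq or dns-oarc's test); the capture lines, the 0.8 distinct-port ratio and the 2000 standard-deviation threshold are constructed for the example and assumed, not taken from any tool.

```python
import math
import re

# Constructed sample of tcpdump output as seen on the WAN side of the
# firewall (not a real capture): outbound queries to the forwarder whose
# source ports climb by one, the pattern of a NAT allocating ports in order.
SAMPLE_CAPTURE = """\
12:00:01.000 IP 203.0.113.7.1025 > 208.67.222.222.53: 4112+ A? a.example. (27)
12:00:01.050 IP 203.0.113.7.1026 > 208.67.222.222.53: 4113+ A? b.example. (27)
12:00:01.100 IP 203.0.113.7.1027 > 208.67.222.222.53: 4114+ A? c.example. (27)
12:00:01.150 IP 203.0.113.7.1028 > 208.67.222.222.53: 4115+ A? d.example. (27)
12:00:01.200 IP 203.0.113.7.54321 > 198.51.100.9.443: Flags [S], seq 1, win 64240
12:00:01.250 IP 203.0.113.7.1029 > 208.67.222.222.53: 4116+ A? e.example. (27)
"""

# Matches "IP <src>.<sport> > <dst>.53: " so only queries to port 53 count.
QUERY_RE = re.compile(r"IP \S+\.(\d+) > \S+\.53: ")

def source_ports(capture):
    """Extract the source port of every outbound query to port 53."""
    return [int(m.group(1)) for m in QUERY_RE.finditer(capture)]

def port_stats(ports):
    """Distinct ports, spread (population std dev) and whether ports run in order."""
    n = len(ports)
    mean = sum(ports) / n
    std = math.sqrt(sum((p - mean) ** 2 for p in ports) / n)
    sequential = n > 1 and all(abs(b - a) <= 2 for a, b in zip(ports, ports[1:]))
    return {"queries": n, "distinct": len(set(ports)), "std_dev": std,
            "sequential": sequential}

def verdict(ports):
    """Classify a port sample; thresholds are this example's own assumptions."""
    if not ports:
        return "NO DATA"
    s = port_stats(ports)
    if s["distinct"] == 1:
        return "FIXED"        # one port reused: NAT pinning or no randomisation
    if s["sequential"]:
        return "SEQUENTIAL"   # predictable: NAT handing out ports in order
    if s["distinct"] < 0.8 * s["queries"] or s["std_dev"] < 2000:
        return "POOR"         # ports vary but are reused or clustered
    return "GOOD"

if __name__ == "__main__":
    ports = source_ports(SAMPLE_CAPTURE)
    print(ports, port_stats(ports), verdict(ports))
```

Run it on a real capture with `tcpdump -n -i <wan-if> udp dst port 53` and compare the verdict against what the LAN-side resolver shows; if the LAN side is GOOD and the WAN side is FIXED or SEQUENTIAL, the firewall is undoing the randomisation.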
