Mike Tremaine wrote:
> sysucl wrote:
>> Hello everyone,
>>
>> My LAN is behind an endian firewall box (v.1.1). I upgraded my local DNS
>> servers (bind9) to prevent dns cache poisoning.
>> My local DNS are configured to forward to OpenDNS servers for the "outside"
>> servers.
>>
>> When I perform a test (e.g. on doxpara website), it seems that I'm still
>> vulnerable.
>> I browsed this forum and upgraded dnsmasq to version 2.43, but it doesn't
>> seem to fix my problem.
>> It seems that the EFW box cancels the benefit of random udp source ports on
>> the bind9 servers;
>>
>> Can anyone help me with this issue?
>> Thanks
>>
>> ps: I can upgrade to a newer version of EFW if necessary, but I want to be
>> sure this will solve the problem, since it involves interrupting internet
>> access for some time.
>>
>
> I double checked the DNSmasq upgraded EFW I have deployed and did my
> local patched server and the results from Doxpara come back the same. It
> says it appears to be fine but to check this list and then shows some
> port numbers [which do not seem to change by the way.]
>
> Another test is to use dns-oarc.net
>
> dig +short porttest.dns-oarc.net TXT
>
> In windows you can use nslookup
>
> nslookup
> > set type=txt
> > porttest.dns-oarc.net
>
> As far as I can tell the new version of DNSmasq does help but remember
> that it has to ask an upstream DNS server and word is that lots of ISPs
> have failed to do the upgrade.
>
> -Mike

PS - There seems to be a DNSmasq 2.45 out which obviously I better build into an RPM. :/

-Mike
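
The concern raised in this thread, that a NAT firewall can replace the resolver's random UDP source ports with predictable ones, can be checked by comparing `tcpdump -n` text captures of outbound DNS queries taken on the LAN and WAN sides of the firewall. The following is an added example, not part of the original message and not EFW or dnsmasq code; the addresses, port values, the `fake_capture` helper and the `min_stdev` cut-off are assumptions constructed for illustration.

```python
import re
import statistics

# Matches the source port of an outbound DNS query in `tcpdump -n` text output,
# e.g. "IP 198.51.100.7.41822 > 203.0.113.53.53: 4211+ A? example.com. (29)"
QUERY = re.compile(r"IP \d+\.\d+\.\d+\.\d+\.(\d+) > \d+\.\d+\.\d+\.\d+\.53: ")

def source_ports(capture):
    """Return the UDP source port of every outbound DNS query in the capture."""
    return [int(m.group(1)) for m in QUERY.finditer(capture)]

def assess(ports, min_stdev=3980):
    """Summarise port spread. min_stdev is an assumed cut-off for this example."""
    if len(ports) < 2:
        return {"queries": len(ports), "verdict": "too few queries"}
    steps = [b - a for a, b in zip(ports, ports[1:])]
    sequential = all(0 < s <= 2 for s in steps)  # counter-style NAT allocation
    stdev = statistics.pstdev(ports)
    weak = sequential or len(set(ports)) == 1 or stdev < min_stdev
    return {"queries": len(ports), "distinct": len(set(ports)),
            "stdev": round(stdev), "sequential": sequential,
            "verdict": "predictable" if weak else "randomized"}

def fake_capture(src_ip, ports):
    """Hypothetical helper: build constructed tcpdump-style lines for the ports."""
    line = "12:00:{:02d}.000000 IP {}.{} > 203.0.113.53.53: {}+ A? example.com. (29)"
    return "\n".join(line.format(i, src_ip, p, 4000 + i) for i, p in enumerate(ports))

# Constructed data (documentation address ranges): the same queries as seen on
# the LAN side, with the resolver's own ports, and on the WAN side after the
# firewall's NAT has rewritten the source port.
LAN = fake_capture("192.0.2.10",
                   [41822, 9631, 57014, 23377, 61250, 15098, 33461, 48805])
WAN = fake_capture("198.51.100.7",
                   [1024, 1025, 1026, 1027, 1028, 1029, 1030, 1031])

if __name__ == "__main__":
    for name, capture in (("LAN", LAN), ("WAN", WAN)):
        print(name, assess(source_ports(capture)))
```

If the LAN capture is reported as randomized and the WAN capture as predictable, the port rewriting is happening on the firewall rather than in the resolver.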
