On Sun, 20 May 2012 18:10:15 +0400 "Saif Ahmed" <[email protected]> wrote:
> query-source address * port 53; You may wish to reconsider that configuration statement if at all possible. Fixing the query port at 53 may make it easy to define a simple packet filter rule, but it also further reduces the already limited number of unknown bits needed to successfully spoof a response in a Kaminksy-style cache poison attack. John _______________________________________________ Menog mailing list [email protected] http://lists.menog.net/mailman/listinfo/menog
