On Wednesday 09 July 2008 14:16:53 Jay R. Ashworth wrote:
> On Wed, Jul 09, 2008 at 04:39:49AM -0400, Jean-François Mezei wrote:
> > My DNS server made the various DNS requests from the same port and is
> > thus vulnerable. (VMS TCPIP Services so no patches expected).
>
> Well, yes, but unless I've badly misunderstood the situation, all
> that's necessary to mitigate this bug is to interpose a non-buggy
> recursive resolver between the broken machine and the Internet at
> large, right?

He said "DNS server", which you wouldn't want to point at a correct named, because that would be forwarding, and forwarding has its own security issues. I've already dragged a name server here back to a supported OS version today because of this, don't see why others should escape ;)