Watch it: Multiple DNS implementations vulnerable to cache poisoning
shuttlebox
shuttlebox at gmail.com
Thu Jul 10 00:47:40 IST 2008
On Thu, Jul 10, 2008 at 12:50 AM, Ken A <ka at pacific.net> wrote:
> This nice little tool was posted to the dns operations list.
> Cut and paste this into your linux or BSD (Mac) to check your configured DNS
> resolver for cache poisoning vulnerability.
>
> dig +short porttest.dns-oarc.net TXT
What's a good result supposed to look like?
I understand that this is not good since it's classified as poor and
comes from only one source port:
"a.b.c.d is POOR: 26 queries in 1.4 seconds from 1 ports with std dev 0.00"
But why is this also classified as poor when all 44 queries come from new ports?
"e.f.g.h is POOR: 44 queries in 18.0 seconds from 44 ports with std dev 165.43"
By the way, I don't know if server e.f.g.h is updated or not, I'm just
curious about the result.
--
Emo Philips - "I got some new underwear the other day. Well, new to me."
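
An added example, not part of the original post or of the porttest tool: it parses result lines in the format quoted above and measures the spread of constructed source-port samples, showing that 44 queries from 44 distinct ports can still have a small standard deviation when the ports are sequential or drawn from a narrow window. The port sequences, the four resolver behaviours and the use of the sample standard deviation are assumptions made for illustration; the post does not say how the tool computes or scores the figure.

```python
import random
import re
import statistics

# Layout of the TXT answer as quoted in the post above.
RESULT_RE = re.compile(
    r"(?P<resolver>[\w.:]+) is (?P<rating>[A-Z]+): (?P<queries>\d+) queries in "
    r"(?P<seconds>[\d.]+) seconds from (?P<ports>\d+) ports "
    r"with std dev (?P<stddev>[\d.]+)"
)

def parse_result(line):
    """Split one porttest result line into typed fields."""
    m = RESULT_RE.search(line)
    if m is None:
        raise ValueError("not a porttest result line: %r" % line)
    f = m.groupdict()
    return {
        "resolver": f["resolver"], "rating": f["rating"],
        "queries": int(f["queries"]), "seconds": float(f["seconds"]),
        "ports": int(f["ports"]), "stddev": float(f["stddev"]),
    }

def port_spread(ports):
    """Return (distinct port count, sample standard deviation)."""
    stddev = statistics.stdev(ports) if len(ports) > 1 else 0.0
    return len(set(ports)), stddev

def constructed_samples(n=44, seed=2008):
    """Constructed source-port sequences for four hypothetical resolvers."""
    rng = random.Random(seed)  # fixed seed so the output is repeatable
    return {
        "fixed": [53] * n,                                # one port, reused
        "sequential": list(range(32768, 32768 + n)),      # new port, always +1
        "narrow_pool": rng.sample(range(32768, 32768 + 600), n),  # 600-port window
        "full_range": rng.sample(range(1024, 65536), n),  # whole unprivileged range
    }

if __name__ == "__main__":
    quoted = '"e.f.g.h is POOR: 44 queries in 18.0 seconds from 44 ports with std dev 165.43"'
    print(parse_result(quoted))
    for name, ports in constructed_samples().items():
        distinct, sd = port_spread(ports)
        print("%-12s %2d distinct ports, std dev %10.2f" % (name, distinct, sd))
```
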
More information about the MailScanner mailing list