Watch it: Multiple DNS implementations vulnerable to
cachepoisoning (fwd)
Peter Farrow
peter at farrows.org
Thu Jul 10 13:31:03 IST 2008
Yeah,
I misread the whole thing, so sorry about that, just checked my public
name servers and I already have it commented out when I set them up a
few years ago...
oh how time flies when you're having fun
:-)
Res wrote:
> I think you're confusing what those options do, a properly configured
> DNS server does not need those lines, they are a risk.
>
>
> ---------- Forwarded message ----------
> Date: Thu, 10 Jul 2008 13:06:55 +0100
> From: Peter Farrow <peter at farrows.org>
> Reply-To: MailScanner discussion <mailscanner at lists.mailscanner.info>
> To: MailScanner discussion <mailscanner at lists.mailscanner.info>
> Subject: Re: Watch it: Multiple DNS implementations vulnerable to
> cachepoisoning
>
> If you're running a public DNS server or a DNS server for your LAN
> clients then these lines are an extremely good idea...
>
> P.
>
>
> Randal, Phil wrote:
>> Have you made sure that in named.conf there are no
>>
>> query-source port 53;
>> query-source-v6 port 53;
>>
>> lines?
>>
>> Cheers,
>>
>> Phil
>>
>> --
>> Phil Randal
>> Networks Engineer
>> Herefordshire Council
>> Hereford, UK
>>
>> -----Original Message-----
>> From: mailscanner-bounces at lists.mailscanner.info
>> [mailto:mailscanner-bounces at lists.mailscanner.info] On Behalf Of Jason
>> Ede
>> Sent: 10 July 2008 11:15
>> To: MailScanner discussion
>> Subject: RE: Watch it: Multiple DNS implementations vulnerable to
>> cachepoisoning
>>
>> I've patched some servers and they're showing good, but on one behind a
>> firewall it's still showing as poor despite the update being run... It's
>> running Centos5.1
>>
>> Jason
>>
>>
>>
>>> -----Original Message-----
>>> From: mailscanner-bounces at lists.mailscanner.info [mailto:mailscanner-
>>> bounces at lists.mailscanner.info] On Behalf Of shuttlebox
>>> Sent: 10 July 2008 09:42
>>> To: MailScanner discussion
>>> Subject: Re: Watch it: Multiple DNS implementations vulnerable to
>>> cache poisoning
>>>
>>> On Thu, Jul 10, 2008 at 3:54 AM, Ken A <ka at pacific.net> wrote:
>>>
>>>> They are probably not random enough. You can look at them with netstat or
>>>> lsof -i
>>>
>>> OK, it's the standard deviation that is key to the result. Unique
>>> ports but all in a row for example is of course not good.
>>>
>>> I have now patched one server and it shows GOOD with a high std dev.
>>>
>>> /peter
>>> --
>>> Robert Benchley - "Drawing on my fine command of the English
>>> language, I said nothing."
>>> --
>>> MailScanner mailing list
>>> mailscanner at lists.mailscanner.info
>>> http://lists.mailscanner.info/mailman/listinfo/mailscanner
>>>
>>> Before posting, read http://wiki.mailscanner.info/posting
>>>
>>> Support MailScanner development - buy the book off the website!
>>>
>
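
The named.conf check Phil Randal asks about, together with the port-spread measure shuttlebox mentions, as an added example that is not part of the original thread. The sample configuration is constructed and the function names are hypothetical; comment stripping assumes no `//` or `#` inside quoted strings.

```python
import re
import statistics

# Constructed sample named.conf, not taken from any server in the thread.
SAMPLE_CONF = """\
options {
    directory "/var/named";
    // query-source port 53;
    /* query-source-v6 port 53; */
    query-source address * port 53;
    query-source-v6 address * port *;
};
"""

# named.conf accepts C-style, C++-style and shell-style comments.
COMMENTS = re.compile(r"/\*.*?\*/|//[^\n]*|#[^\n]*", re.S)
STATEMENT = re.compile(r"\b(query-source(?:-v6)?)\b([^;]*);")
PORT = re.compile(r"\bport\s+(\d+)")


def strip_comments(text):
    # Keep newlines from removed comments so reported line numbers stay correct.
    return COMMENTS.sub(lambda m: "\n" * m.group(0).count("\n"), text)


def fixed_query_source(conf_text):
    """Return (line, directive, port) for each active statement with a numeric port."""
    text = strip_comments(conf_text)
    hits = []
    for m in STATEMENT.finditer(text):
        port = PORT.search(m.group(2))
        if port:  # "port *" or no port clause leaves the choice to named
            line = text.count("\n", 0, m.start()) + 1
            hits.append((line, m.group(1), int(port.group(1))))
    return hits


def port_spread(ports):
    """Unique-port count and sample standard deviation of observed source ports."""
    return len(set(ports)), statistics.stdev(ports)


if __name__ == "__main__":
    for line, directive, port in fixed_query_source(SAMPLE_CONF):
        print(f"line {line}: {directive} pins outgoing queries to port {port}")
```

Feeding `port_spread` ten consecutive ports gives ten unique values but a standard deviation of about 3, which is the "unique ports but all in a row" case described in the thread.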