Re: Securing bind..
Russell Coker wrote:
> DNS cache machine sends out requests from source port 54 (not obscure - every
> administrator of every DNS server on the net can easily discover this).
> Recursive requests go to port 53 (getting a DNS client to even talk to
> another port is difficult or impossible depending on the client).
By forcing the source port for recursive requests to a given fixed
one, do you not make yourself more vulnerable to the spoofing attacks
you were talking about, because the attacker does not have to predict
the source port of the query?