[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Sarge, Bind9 (9.2.4-1sarge3) and DNS cache poisoning

On Sun, 2008-07-20 at 14:04, Florian Weimer wrote:
> * John Elliot:
> > Hi, We have a couple of Sarge servers running bind9(9.2.4-1sarge3)
> > that appear to be vulnerable to the DNS cache poisoning issue(Looks
> > like port randomization was only introduced in bind9.3?) - As the
> > servers cannot be upgraded at this time to etch, what is the
> > recommended course of action? Backports and upgrade to 9.3?
> Install one or more etch boxes, put BIND 9 onto it, and configure the
> sarge machines to use them as forwarders.  This is sufficient if the
> network between them is trusted.  You could also forward requests to
> your ISP's resolvers (subject to the same constraint).

Simpler and more secure (and easier) solution is the installation of the

Reply to: