Re: Sarge, Bind9 (9.2.4-1sarge3) and DNS cache poisoning
On Sun, 2008-07-20 at 14:04, Florian Weimer wrote:
> * John Elliot:
> > Hi, We have a couple of Sarge servers running bind9 (9.2.4-1sarge3)
> > that appear to be vulnerable to the DNS cache poisoning issue (Looks
> > like port randomization was only introduced in bind9.3?) - As the
> > servers cannot be upgraded at this time to etch, what is the
> > recommended course of action? Backports and upgrade to 9.3?
> Install one or more etch boxes, put BIND 9 onto it, and configure the
> sarge machines to use them as forwarders. This is sufficient if the
> network between them is trusted. You could also forward requests to
> your ISP's resolvers (subject to the same constraint).
A simpler and more secure (and easier) solution is the installation of the