Re: Sarge, Bind9 (9.2.4-1sarge3) and DNS cache poisoning

* Carlos Carvalho:

>  >Note that using --random with a patched resolver (one that uses stronger
>  >random numbers for source ports) makes it vulnerable again.  By default,
>  >Netfilter tries to preserve source ports, so its NAT does not destroy
>  >the effort put into BIND et al.
> Really? This post says the kernel randomization is good...

It applies to the configuration without --random.
