I was querying my tinydns remotely which was using bind locally. When I ran the dig command on the box itself (which uses the local dnscache) it didn't return anything.
So looks like it's all clear.
On Wed, Jul 30, 2008 at 3:06 PM, Florian Weimer <fw@deneb.enyo.de> wrote:

* Stephen Vaughan:

> Does anyone know if TinyDNS is vulnerable to the dns cache poisoning
> exploit? I run tinydns servers, I ran the test below and it came back as
> POOR.

tinydns as in djbdns? dnscache (the iterative resolver component of
djbdns) uses source port randomization, so no code changes are required.

This should not happen with dnscache. Perhaps you're behind a
not-so-transparent DNS proxy, and you're actually testing your ISP's
resolver?

--
Best Regards,
Stephen
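
The two checks discussed in this thread, written out as an added example that is not part of the original messages: given the (source IP, source port) pairs an authoritative test server saw, confirm the queries really came from the resolver you meant to test and measure how widely its source ports are spread. The addresses, ports and the `min_std_dev` cutoff are constructed assumptions, not values from the thread or from any particular test service.

```python
import math

# Constructed observations (documentation address ranges), as an
# authoritative test server would log them: (source_ip, source_port).
FIXED_PORT = [("192.0.2.53", 32768)] * 10          # some other resolver, one port
RANDOMIZED = [("198.51.100.7", p) for p in          # the resolver under test
              (1025, 61200, 33810, 4097, 52111,
               17003, 45990, 9821, 28644, 60013)]


def port_stats(observations):
    """Count queries and distinct ports, and compute the population
    standard deviation of the observed source ports."""
    ports = [port for _, port in observations]
    mean = sum(ports) / len(ports)
    variance = sum((p - mean) ** 2 for p in ports) / len(ports)
    return {
        "queries": len(ports),
        "distinct_ports": len(set(ports)),
        "std_dev": math.sqrt(variance),
    }


def assess(observations, expected_resolver_ip, min_std_dev=296.0):
    """Answer two questions about a port test result:
    1. Did the queries come only from the resolver we meant to test?
       If not, a proxy or upstream resolver was measured instead.
    2. Are the source ports spread out (assumed cutoff: min_std_dev)?"""
    result = port_stats(observations)
    sources = {ip for ip, _ in observations}
    result["sources"] = sorted(sources)
    result["resolver_is_source"] = sources == {expected_resolver_ip}
    result["randomized"] = (result["distinct_ports"] > 1
                            and result["std_dev"] >= min_std_dev)
    return result


if __name__ == "__main__":
    for name, obs in (("fixed", FIXED_PORT), ("randomized", RANDOMIZED)):
        print(name, assess(obs, expected_resolver_ip="198.51.100.7"))
```

A poor score together with `resolver_is_source` being false means the result describes whatever resolver actually sent the queries, not the one you intended to test.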