Florian Weimer wrote: > * Robert Edmonds: > > > libbind contains the standard resolver library that was distributed in > > BIND9 prior to version 9.6. Included are functions that communicate with > > domain name servers, > > AFAICT, libbind doesn't use source port randomization. The PRNG for > transaction IDs is rather curious (but does work around the fork > problem to some extent). libbind and glibc's stub resolver are descended from the same code base, so a fix to one could likely be ported to the other. if a fix were coded and BSD licensed it could probably be applied upstream. (e.g., we have arc4random available through libbsd.) however, the kernels in lenny and sid should be randomizing UDP source ports anyway, right? i mainly intended to package libbind for its message parsing functions, though. -- Robert Edmonds edmonds@debian.org
Attachment:
signature.asc
Description: Digital signature