BIND Port Randomization

Ray Van Dolson rvandolson at esri.com
Fri Jul 25 13:29:38 UTC 2008


On Fri, Jul 25, 2008 at 06:19:02AM -0700, Ryan Sharpe wrote:
> In response to the Errata RHSA-2008:0533 I have installed the updated ISC
> Bind packages from Red Hat as well as updated the selinux targeted policy.
> However when I test the server using http://www.doxpara.com/ it still
> shows up as being vulnerable to DNS cache poisoning.
> 
> Before this I had SELinux completely disabled, so I thought I may need to
> turn it on. I have since set it to permissive mode and rebooted, but still
> the DNS source ports aren't randomizing. So again I changed the mode to
> enforcing, but still when I run the test it shows that I am vulnerable.
> What am I missing? Is there a BIND directive I need?

Is your DNS server sitting behind a NAT?

Ray
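
A local check for the symptom discussed in this thread, as an added example that is not part of the original messages: it reads `tcpdump -n` style lines and classifies the source ports a resolver uses for outbound queries, so a capture taken on the DNS server can be compared with one taken outside a NAT device. The sample lines, the addresses, the function names and the thresholds are constructed assumptions.

```python
import re

# Matches "IP <src>.<port> > <dst>.53: " in a `tcpdump -n` line (IPv4 only).
QUERY_RE = re.compile(r"IP (\d+\.\d+\.\d+\.\d+)\.(\d+) > \d+\.\d+\.\d+\.\d+\.53: ")

def source_ports(lines, resolver_ip):
    """Return, in capture order, the source ports resolver_ip used for queries to port 53."""
    ports = []
    for line in lines:
        m = QUERY_RE.search(line)
        if m and m.group(1) == resolver_ip:
            ports.append(int(m.group(2)))
    return ports

def assess(ports, min_samples=5, max_step=16):
    """Classify a port sequence as 'insufficient', 'fixed', 'sequential' or 'varied'.

    min_samples and max_step are assumed thresholds. 'varied' only means that no
    fixed or incrementing pattern was seen; it is not a proof of randomness.
    """
    if len(ports) < min_samples:
        return "insufficient"
    if len(set(ports)) == 1:
        return "fixed"
    # Differences between consecutive ports, wrapped to the 16-bit port space.
    steps = [(b - a) % 65536 for a, b in zip(ports, ports[1:])]
    if all(0 < s <= max_step for s in steps):
        return "sequential"
    return "varied"

def sample(ports, src="192.0.2.10"):
    """Build constructed tcpdump-style lines (documentation addresses, not a real capture)."""
    return [f"13:29:38.{i:06d} IP {src}.{p} > 198.51.100.1.53: {1000 + i}+ A? example.com. (29)"
            for i, p in enumerate(ports)]

# Constructed captures: resolver_side as seen on the DNS server itself,
# outside_nat as the same queries might look after a port-rewriting NAT.
resolver_side = sample([40213, 1893, 58110, 23977, 61022, 9455])
outside_nat = sample([1024, 1025, 1026, 1027, 1028, 1029], src="203.0.113.5")

if __name__ == "__main__":
    print("resolver side:", assess(source_ports(resolver_side, "192.0.2.10")))
    print("outside NAT:  ", assess(source_ports(outside_nat, "203.0.113.5")))
```

Real input can be collected with `tcpdump -n udp dst port 53` on each side of the NAT while the resolver performs lookups.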




More information about the redhat-sysadmin-list mailing list