Don't forget the Polyakov attack. Rate-limit your inbound traffic as per Paul Vixie's recommendation (no more than 10 Mbit/s of inbound DNS traffic), if necessary, using a firewall on your DNS server, or possibly using an external DNS server.

Chris Buxton
Professional Services
Men & Mice

On Aug 12, 2008, at 7:08 AM, Paul A wrote:

> Thanks Kevin, didn't know if doing random with iptables was going to
> make it harder to guess instead of just using the new bind with port
> randomization.
>
> So at this point I'm assuming that aside from using secure zones,
> using the new bind is all that can be done?
>
> paul