-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Other people have taken on the question in the Subject: line, so I'll go off on a different tact and request that you remove the line:
> query-source address * port 53; from your configuration, and if it part of a distribution's named.conf, consider opening a bug ticket with that distribution and having them remove it from their examples. By removing the randomization from the query port, you are opening yourself to all types of mischief by those familiar with the Kaminsky vulnerability. If you aren't familiar with it yourself, here's a guide containing 27 8×10 color glossy pictures with circles and arrows and a paragraph on the back of each one explaining what each one was to be used as evidence against us... http://unixwiz.net/techtips/iguide-kaminsky-dns-vuln.html [And as a side note, the missing dot at the end of the Zone statement is not the problem] AlanC -----BEGIN PGP SIGNATURE----- Comment: GPGTools - https://gpgtools.org iQEcBAEBCgAGBQJUylCvAAoJEOW2o5eiJADbIvMH+wSNkQQW0cSJ4JdfexeQ6+rR dnLX7nZzVtj1HKTKNUDE4MxbQRIziT1/pxY8T8EObIqN3V63hk7nwQARYJd1ogCA pzsnoTdmXiG3ZfhulJdxZf5ZF4EdzAtAQlJ86L4LHcZYhmGn6aqbEOzKkXTa+VYW 1lojWh0cnlgBh9nC1FswYUuQxLPvaLwXhhRDVrX66PmFiCUDQgnZvFCbgoC83JHl dSjJFeDkVhqkZq+Q5tbh871OAAbcpNx38mKXI6Y0rzN1hIkqyLLq3B7YCqNxGi1G WzgmhwMdEr3fBAjZtFcj8KZrSQHqFGKdM9YZR3qfkzp/ALMTvRnhnx+3MF8oKTM= =VcMU -----END PGP SIGNATURE----- _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
