On Mon 04 Apr 2011 at 07:13:57 -0600, Paul E Condon wrote:

> But I can't find any information more recent than 2008 by
> googling. Surely there have been some more recent developments.
> What has happened? Surely something has happened, but I find nothing.

The problem you might face will not lie with bind9 but with your router. Source port randomization by the name server fixes cache poisoning attacks on it. However, it is highly likely your router de-randomises the queries due to NAT and PAT. Mine does and I do wonder whether any more modern device intended for home use does any better. Data are not readily available but it's not unlikely manufacturers see little to gain by altering their firmware.

I came to the conclusion there was no risk to the server (unbound in my case) as long as the server was not answering queries from outside my network. Reassurance would be welcome but I'm pretty sure of that.

Part of my testing was done at

   https://www.grc.com/dns/dns.htm

First with my ISP's servers in /etc/resolv.conf and then replacing them with 127.0.0.1 and forwarding port 53 on the router to the machine running unbound.

Archive: http://lists.debian.org/20110404180551.GS7935@desktop
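
One way to check whether a router has de-randomised a resolver's source ports, given the ports of successive queries as recorded outside the NAT. This is an added example, not part of the original message; the function name, the thresholds and the port lists are constructed assumptions.

```python
import math

# Illustrative thresholds (assumptions, not taken from any standard).
SMALL_STEP = 16      # a port that advances by 1..16 looks sequentially allocated
MIN_BITS = 10        # below about 2**10 ports in use, guessing is cheap


def assess_source_ports(ports):
    """Classify the UDP source ports seen on successive DNS queries."""
    if len(ports) < 2:
        raise ValueError("need at least two observed queries")
    # Step between consecutive ports, modulo the 16-bit port space.
    deltas = [(b - a) % 65536 for a, b in zip(ports, ports[1:])]
    # Share of queries whose port advanced by a small step, which is what
    # a NAT/PAT table that hands out ports in order produces.
    small = sum(1 for d in deltas if 0 < d <= SMALL_STEP) / len(deltas)
    # Crude estimate from a small sample: log2 of the range actually covered.
    bits = math.log2(max(ports) - min(ports) + 1)
    if len(set(ports)) == 1:
        verdict = "fixed"
    elif small >= 0.8:
        verdict = "sequential"
    elif bits < MIN_BITS:
        verdict = "narrow"
    else:
        verdict = "randomised"
    return {"verdict": verdict, "range_bits": bits, "small_step_share": small}


# Constructed sample data: ports as an outside observer might record them.
SAMPLES = {
    "resolver seen directly": [49211, 3310, 61022, 18754, 40007, 9123, 55310, 27001],
    "same resolver behind PAT": [1024, 1025, 1026, 1027, 1029, 1030, 1031, 1032],
    "single fixed port": [53, 53, 53, 53, 53],
}

if __name__ == "__main__":
    for name, ports in SAMPLES.items():
        r = assess_source_ports(ports)
        print(f"{name}: {r['verdict']} "
              f"(~{r['range_bits']:.1f} bits of range, "
              f"{r['small_step_share']:.0%} small steps)")
```

A "sequential" or "fixed" verdict for traffic that the resolver itself sends from random ports points at the translating device rather than at the name server.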