On 20110404_190551, Brian wrote:
> On Mon 04 Apr 2011 at 07:13:57 -0600, Paul E Condon wrote:
>
> > But I can't find any information more recent than 2008 by
> > googling. Surely there have been some more recent developments.
> > What has happened? Surely something has happened, but I find nothing.
>
> The problem you might face will not lie with bind9 but with your router.
> Source port randomization by the name server fixes cache poisoning
> attacks on it. However, it is highly likely your router de-randomises
> the queries due to NAT and PAT. Mine does and I do wonder whether any
> more modern device intended for home use does any better. Data are not
> readily available but it's not unlikely manufacturers see little to gain
> by altering their firmware.
>
> I came to the conclusion there was no risk to the server (unbound in my
> case) as long as the server was not answering queries from outside my
> network. Reassurance would be welcome but I'm pretty sure of that.
>
> Part of my testing was done at
>
> https://www.grc.com/dns/dns.htm

Thanks for this! But there is a lot to read (and hopefully understand).
One specific question: what is meant by 'unbound' in this context?

>
> First with my ISP's servers in /etc/resolv.conf and then replacing them
> with 127.0.0.1 and forwarding port 53 on the router to the machine
> running unbound.

And again here?
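
The de-randomisation by NAT/PAT discussed in this thread can be checked by comparing the UDP source ports of outgoing DNS queries as captured behind and beyond the router. The following is an added example, not part of the original messages: the function name `assess_source_ports`, the thresholds and the sample port lists are all assumptions constructed for illustration.

```python
import math
from collections import Counter

# Assumed thresholds (not from the thread): tune for your own captures.
SMALL_STEP = 16          # a step of 1..16 ports looks like a counter
SEQUENTIAL_SHARE = 0.8   # share of small steps that marks a counter allocator
NARROW_SPREAD = 1024     # a pool narrower than this is easy to cover

def assess_source_ports(ports):
    """Classify the UDP source ports of successive DNS queries, in capture order."""
    if len(ports) < 2:
        raise ValueError("need at least two observed queries")
    # Port-to-port steps, wrapped to the 16-bit port space.
    deltas = [(b - a) % 65536 for a, b in zip(ports, ports[1:])]
    small_steps = sum(1 for d in deltas if 1 <= d <= SMALL_STEP)
    distinct = len(set(ports))
    spread = max(ports) - min(ports)
    # Empirical Shannon entropy of the sample, at most log2(len(ports)) bits.
    n = len(ports)
    entropy = sum(c / n * math.log2(n / c) for c in Counter(ports).values())
    if distinct == 1:
        verdict = "fixed"            # every query leaves from the same port
    elif small_steps / len(deltas) >= SEQUENTIAL_SHARE:
        verdict = "sequential"       # typical of a NAT handing out ports in order
    elif spread < NARROW_SPREAD:
        verdict = "narrow-range"     # random-looking, but from a small pool
    else:
        verdict = "randomised"
    return {"verdict": verdict, "distinct": distinct, "spread": spread,
            "small_step_share": round(small_steps / len(deltas), 2),
            "sample_entropy_bits": round(entropy, 2)}

# Constructed sample data: the same eight queries seen on each side of a router.
LAN_SIDE = [51234, 10987, 33721, 60412, 2049, 45880, 18733, 27001]
WAN_SIDE = [1024, 1025, 1026, 1027, 1029, 1030, 1031, 1032]

if __name__ == "__main__":
    print("resolver side:", assess_source_ports(LAN_SIDE))
    print("after NAT/PAT:", assess_source_ports(WAN_SIDE))
```

A resolver-side verdict of "randomised" next to a WAN-side verdict of "sequential" or "fixed" is the situation described above: the name server randomises, and the router undoes it.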