On 20110406_121404, Brian wrote:
> On Tue 05 Apr 2011 at 23:24:47 -0600, Paul E Condon wrote:
>
> > On 20110404_190551, Brian wrote:
> > > I came to the conclusion there was no risk to the server (unbound in my
> > > case) as long as the server was not answering queries from outside my
> > > network. Reassurance would be welcome but I'm pretty sure of that.
> > >
> > > Part of my testing was done at
> > >
> > > https://www.grc.com/dns/dns.htm
> >
> > Thanks for this! But there is a lot to read (and hopefully understand).
> > One specific question: what is meant by 'unbound' in this context?
>
> Unbound is a DNS server; an alternative to BIND.

OK, it's a pun ;-). Clueless I am.

> > > First with my ISP's servers in /etc/resolv.conf and then replacing them
> > > with 127.0.0.1 and forwarding port 53 on the router to the machine
> > > running unbound.
> >
> > And again here?
>
> Forwarding on the router isn't necessary to test the effect the router
> has on Source Port Randomness. Check /etc/bind/named.conf to ensure there
> is no forwarding of DNS requests to another resolver. Edit resolv.conf to
> use only 'nameserver 127.0.0.1'. Start BIND.
>

To do this usefully, I have to first figure out how to configure my
newly installed instance of BIND9. Correct? I don't think I'm there yet...

> http://entropy.dns-oarc.net/test/

This gave me a passing grade on the DNS resolver run by my ISP. But
there was one duplicate port number in the sample of 25 tries. Maybe I
should not worry, but I'm still curious about how the system actually
works. Thanks for the pointer. Very fast.

>
> is quicker than grc.com to return a test result. You'll likely get a
> rating of POOR but, assuming queries from the internet are not served,
> your DNS cache cannot be poisoned because there is no access to it from
> the outside.

This contains information that's new to me. You seem to be saying that
my copy of BIND on my computer is building its own internal cache. I
don't see any reason why it couldn't contain a cache, but I haven't
read anywhere that it actually *does* have a cache internally. Does it
contain a cache?

Thanks.
--
Paul E Condon
pecon...@mesanetworks.net