Tim Daneliuk wrote:
Is there an expected date when the latest version of bind9 (that fixes the recently discussed DNS vulnerability) will be merged into the 6.3-STABLE tree. I patch and update fairly regularly and bind -v gives me: BIND 9.3.5-P1 I believe the patched version is something like 9.5.0-P?... TIA,

Patches against the Kaminsky attack were released for all of the supported BIND branches. 9.3.5-P1 is a patched version.

You can verify that your bind is patched by using the DNS OARC tester:

    https://www.dns-oarc.net/oarc/services/dnsentropy

or manually by:

    dig +short porttest.dns-oarc.net TXT

If it reports 'poor' you still need to fix your server. Beware of NAT gateways which can reduce the randomness with which source ports are used in passing.

Cheers,

Matthew
--
Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard
Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate
Kent, CT11 9PW
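
The NAT caveat in the reply above, as an added example that is not part of the original message: it scores how spread out a resolver's query source ports look to an outside observer, before and after a gateway rewrites them. The function names, the 3000 threshold and the sequential-NAT model are assumptions made for illustration and are not DNS-OARC's scoring; the port lists are constructed.

```python
import random
import statistics


def port_spread(ports):
    """Return (distinct port count, population std dev) of observed source ports."""
    return len(set(ports)), statistics.pstdev(ports)


def rate(ports, min_stddev=3000.0):
    """Illustrative rating (assumed threshold): 'poor' if any port repeats
    or the ports cluster in a narrow band, otherwise 'ok'."""
    distinct, stddev = port_spread(ports)
    if distinct < len(ports) or stddev < min_stddev:
        return "poor"
    return "ok"


def sample_resolver_ports(n=26, seed=1):
    """Constructed sample: n distinct ports drawn at random from 1024-65535,
    standing in for a patched resolver's outgoing queries."""
    rng = random.Random(seed)
    return rng.sample(range(1024, 65536), n)


def sequential_nat(ports, first=1024):
    """Assumed NAT model: each new outbound flow is rewritten to the next
    port in sequence, discarding the resolver's own choice."""
    return [first + i for i in range(len(ports))]


if __name__ == "__main__":
    direct = sample_resolver_ports()
    cases = {
        "patched resolver, direct": direct,
        "unpatched, single fixed port": [53] * len(direct),
        "patched resolver behind sequential NAT": sequential_nat(direct),
    }
    for label, ports in cases.items():
        distinct, stddev = port_spread(ports)
        print(f"{label}: {distinct} ports, std dev {stddev:.1f} -> {rate(ports)}")
```

The third case is why the test has to be run from behind the same gateway the resolver actually uses: the server itself is patched, yet what leaves the network is as predictable as before.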
