doxpara.com reports no issues with unbound FWIW. Thanks to Stuart for this suggestion during the previous DJBware for ports thread.
2008/7/9 Stuart Henderson <[EMAIL PROTECTED]>:
> On 2008-07-09, Steve Tornio <[EMAIL PROTECTED]> wrote:
> > I get a different result using the external interface of my caching
> > name server, and mine looks vulnerable.
>
> named is. the stub resolver isn't.
>
> mcbride@ pointed out that you can give named some more protection
> by natting outbound udp traffic destined for port 53 (even just on
> the box running the resolver, it doesn't have to be on a firewall
> in front). something like,
>
> nat on egress proto udp from (self) to any port 53 -> (self)
>
> there - if you need to tell people you're doing something
> while you wait for a better solution, you have an option.
> check this with tcpdump and requests from multiple NS, the
> doxpara.com checker will not notice this as an improvement.
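
One way to carry out the tcpdump check suggested in the quoted message, as an added example that is not part of the original thread: the script reads saved `tcpdump -n` text output for outbound queries and reports whether the resolver's UDP source ports are fixed, sequential or varied. The capture lines, addresses and function names are constructed for illustration, and only IPv4 lines are parsed.

```python
import re
from collections import defaultdict

# IPv4 lines from `tcpdump -n udp and dst port 53`; some tcpdump versions
# print an "IP" token after the timestamp, others do not.
QUERY_RE = re.compile(
    r"^\S+\s+(?:IP\s+)?(\d+\.\d+\.\d+\.\d+)\.(\d+)\s+>\s+\d+\.\d+\.\d+\.\d+\.53:"
)

def source_ports(lines):
    """Map each querying address to its UDP source ports, in capture order."""
    ports = defaultdict(list)
    for line in lines:
        m = QUERY_RE.match(line.strip())
        if m:
            ports[m.group(1)].append(int(m.group(2)))
    return dict(ports)

def assess(ports):
    """Classify a source-port sequence as fixed, sequential or varied."""
    if len(ports) < 2:
        return "insufficient data"
    if len(set(ports)) == 1:
        return "fixed"
    if all(b - a == 1 for a, b in zip(ports, ports[1:])):
        return "sequential"
    # "varied" only rules out the two obvious patterns; a few packets
    # cannot show that the ports are unpredictable.
    return "varied"

# Constructed captures (documentation addresses), not real traffic.
BEFORE_NAT = """\
10:00:01.000001 192.0.2.10.32768 > 198.51.100.1.53: 4121 A? example.org. (29)
10:00:01.200001 192.0.2.10.32768 > 198.51.100.2.53: 977 A? example.net. (29)
10:00:01.400001 192.0.2.10.32768 > 198.51.100.3.53: 30115 A? example.com. (29)
""".splitlines()

AFTER_NAT = """\
10:05:01.000001 IP 192.0.2.10.51877 > 198.51.100.1.53: 4121 A? example.org. (29)
10:05:01.200001 IP 192.0.2.10.60214 > 198.51.100.2.53: 977 A? example.net. (29)
10:05:01.400001 IP 192.0.2.10.55032 > 198.51.100.3.53: 30115 A? example.com. (29)
""".splitlines()

if __name__ == "__main__":
    for name, capture in (("before", BEFORE_NAT), ("after", AFTER_NAT)):
        for addr, ports in source_ports(capture).items():
            print(name, addr, ports, assess(ports))
```

Run it over a capture long enough to include queries to several name servers; a handful of packets can only rule out the fixed and sequential cases.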