On 2008-07-09, mark reardon <[EMAIL PROTECTED]> wrote:
> doxpara.com reports no issues with unbound FWIW.

right, unbound already randomises the source port (arc4random from guess where) and also the source address if you list more than one (assign aliases to the interfaces, and list all of the IP addresses in "outgoing-interface" lines in config).

http://nlnetlabs.nl/publications/DNS_cache_poisoning_vulnerability.html

they have their own methods to avoid stomping on ports used by other UDP services, but since they don't have control over the rest of the OS, it's a bunch of config parameters, not quite as elegant as using net.inet.udp.baddynamic populated from /etc/services entries (see recent commits in source-changes or in odc on www.squish.net/openbsd/)
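For reference, an unbound.conf server section that applies what the reply above describes: several outgoing addresses so the source address varies per query, plus the port-avoidance knobs that stand in for the kernel-side net.inet.udp.baddynamic approach. This is an added illustration, not configuration from the thread or from the unbound project; the addresses are constructed placeholders, and the avoided ports are an assumed example of UDP services you would not want the resolver to collide with (check your own /etc/services).

```conf
# Added example unbound.conf fragment (not from the original message).
# Assumes unbound.conf(5) options outgoing-interface and outgoing-port-avoid.
server:
    # listen for client queries on loopback only
    interface: 127.0.0.1

    # Source address randomisation: each of these must be an address
    # actually configured on the box (aliases on the interfaces).
    # Constructed placeholder addresses; replace with your own.
    outgoing-interface: 192.0.2.10
    outgoing-interface: 192.0.2.11
    outgoing-interface: 192.0.2.12

    # Source port randomisation is on by default; this only keeps unbound
    # off ports that other UDP services on the host are known to use,
    # since unbound cannot see the rest of the OS the way the kernel can.
    # Assumed example ports: syslog (514/udp) and NTP (123/udp).
    outgoing-port-avoid: 123
    outgoing-port-avoid: 514
```

On OpenBSD the same collision avoidance comes from the kernel side via net.inet.udp.baddynamic, so the outgoing-port-avoid lines are only needed where the OS does not already reserve those ports.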