Regarding the new DNS cache poisoning problems: I was told that the way they resolved the problem was to randomize the source ports. I was wondering if I needed to make any changes to the PF firewall, as I'm currently running DNS through a single port (TCP/UDP domain port). I have a strict firewall policy that only allows specified ports, but should I change this?
Also, I'm using MaraDNS, if that helps. Thanks! -Kyle