On 2008-09-08, Sunnz <[EMAIL PROTECTED]> wrote:
> 2008/7/20 Mark Shroyer <[EMAIL PROTECTED]>:
>>
>> http://blog.spoofed.org/2008/07/mitigating-dns-cache-poisoning-with-pf.html
>>
>> The configuration line in question:
>>
>>   nat on $WAN_IF inet proto { tcp, udp } from a.b.c.d to any \
>>     port 53 -> a.b.c.d
>>
>> Or, if you have a dynamic IP address on a cable modem, etc.:
>>
>>   nat on $WAN_IF inet proto { tcp, udp } from ($WAN_IF) to any \
>>     port 53 -> ($WAN_IF)
>>
>
> Hey I was trying this today... however I have bind on the OpenDNS
> router that is doing nat itself, so do you know if that would work at
> all?

Yes. But the patch is now available. You should just patch instead.
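
An added example, not part of the original thread: the quoted nat rule is meant to make outbound DNS queries leave the WAN interface from unpredictable source ports, and one way to confirm that on a router running its own resolver is to classify the source ports seen in `tcpdump -n` text output. The capture lines, addresses, function names and thresholds below are constructed for illustration.

```python
import re

# Matches `tcpdump -n` text lines for queries sent to port 53.
QUERY_RE = re.compile(r"IP (\d+\.\d+\.\d+\.\d+)\.(\d+) > \d+\.\d+\.\d+\.\d+\.53: ")

def source_ports(lines, wan_ip):
    """Return source ports of DNS queries leaving from wan_ip, in capture order."""
    ports = []
    for line in lines:
        m = QUERY_RE.search(line)
        if m and m.group(1) == wan_ip:
            ports.append(int(m.group(2)))
    return ports

def assess(ports, min_samples=8, min_spread=4096):
    """Classify the port pattern. Thresholds are illustrative heuristics."""
    if len(ports) < min_samples:
        return "insufficient"
    if len(set(ports)) == 1:
        return "fixed"            # e.g. every query sent from port 53
    steps = [b - a for a, b in zip(ports, ports[1:])]
    if all(0 < s <= 16 for s in steps):
        return "sequential"       # predictable incrementing allocation
    if max(ports) - min(ports) < min_spread:
        return "narrow"           # varies, but only within a small window
    return "randomized"

def make_capture(ports, src="192.0.2.10"):
    """Build constructed tcpdump-style lines (documentation addresses)."""
    return [f"12:00:{i:02d}.000000 IP {src}.{p} > 198.51.100.53.53: "
            f"{1000 + i}+ A? example.com. (29)" for i, p in enumerate(ports)]

# Constructed samples, not real captures.
SAMPLES = {
    "fixed": [53] * 10,
    "sequential": list(range(1024, 1034)),
    "narrow": [1030, 1025, 1040, 1027, 1033, 1029, 1045, 1026, 1038, 1031],
    "randomized": [51234, 10877, 33921, 60412, 2049,
                   47810, 18233, 55601, 29990, 41307],
}

if __name__ == "__main__":
    for name, ports in SAMPLES.items():
        print(name, assess(source_ports(make_capture(ports), "192.0.2.10")))
```

Run it against a capture taken on the WAN interface before and after loading the rule (or applying the patch); only queries whose source address equals the WAN address are counted.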