[SLL] who is randomizing DNS source ports? deploying DNSSEC?
Brian Hatch
bri at ifokr.org
Fri Jul 25 13:25:04 PDT 2008
Almost 2008-07-25 13:58 -0500, Jeremy C. Reed suggested:
> Any of you choosing not to randomize DNS source ports for your caching
> recursive servers? (Why?)
I use djbdns, which has always used random source ports, and thus
was already protected by this. I see no reason to do anything
wacky to insecurify myself. ;-)
> Anyone deployed DNSSEC? Or plan to within next 30 days? (Let me know if
> you need help.)
Certainly haven't looked at it in a while, but would be interested
in taking another gander if there's a chance it'd actually be useful.
Are you using it anywhere currently?
--
Brian Hatch "What do you want,
Systems and you moon-faced
Security Engineer assassin of joy?"
http://www.ifokr.org/bri/
Every message PGP signed
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists2.linuxjournal.com/pipermail/linux-list/attachments/20080725/4c20183e/attachment.sig
More information about the linux-list
mailing list