[SLL] who is randomizing DNS source ports? deploying DNSSEC?
Jeremy C. Reed
reed at reedmedia.net
Fri Jul 25 13:49:50 PDT 2008
> > Any of you choosing not to randomize DNS source ports for your caching
> > recursive servers? (Why?)
>
> I use djbdns, which has always used random source ports, and thus
> was already protected by this. I see no reason to do anything
> wacky to insecurify myself. ;-)
Which doesn't go with next question :) (no DNSSEC)
> > Anyone deployed DNSSEC? Or plan to within next 30 days? (Let me know if
> > you need help.)
>
> Certainly haven't looked at it in a while, but would be interested
> in taking another gander if there's a chance it'd actually be useful.
> Are you using it anywhere currently?
Yes. But no parent knows me.
emailmediator.com
bsdnewsletter.com (expired signatures for testing)
Soon to sign all mine (and others I host) and share with a DLV (a registry
of trusted anchors until TLDs and . are signed).
More information about the linux-list
mailing list