Mike Tremaine | 1 Aug 15:43 2008

Re: EFW & DNS cache poisoning flaw

sysucl wrote:
> Hello everyone,
> 
> My LAN is behind an Endian firewall box (v.1.1). I upgraded my local DNS
> servers (bind9) to prevent DNS cache poisoning.
> My local DNS servers are configured to forward to OpenDNS servers for the "outside"
> servers.
> 
> When I perform a test (e.g. on the doxpara website), it seems that I'm still
> vulnerable.
> I browsed this forum and upgraded dnsmasq to version 2.43, but it doesn't
> seem to fix my problem.
> It seems that the EFW box cancels the benefit of random UDP source ports on
> the bind9 servers.
> 
> Can anyone help me with this issue?
> Thanks
> 
> PS: I can upgrade to a newer version of EFW if necessary, but I want to be
> sure this will solve the problem, since it involves interrupting internet
> access for some time.
> 
> 

I double-checked the DNSmasq-upgraded EFW I have deployed and my 
locally patched server, and the results from Doxpara come back the same. It 
says it appears to be fine but to check this list, and then shows some 
port numbers (which do not seem to change, by the way).

Another test is to use dns-oarc.net

dig +short porttest.dns-oarc.net TXT

In Windows you can use nslookup:
 > nslookup
 > set type=txt
 > porttest.dns-oarc.net

As far as I can tell the new version of DNSmasq does help, but remember 
that it has to ask an upstream DNS server, and word is that lots of ISPs 
have failed to do the upgrade.

-Mike
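To make the "port numbers which do not seem to change" observation concrete, here is an added Python example (not from this thread, nor from dnsmasq, BIND or the dns-oarc/doxpara tests) that scores a list of UDP source ports the way an external test resolver sees them across consecutive queries from a client. The three port lists are constructed, and the verdict thresholds are assumptions for illustration only.

```python
import statistics
from typing import List, Tuple

# Constructed samples: the UDP source ports an external test resolver
# would observe across 26 consecutive queries from the same client.
FIXED_PORTS = [53] * 26                     # NAT/firewall rewrites every query to one port
SEQUENTIAL_PORTS = list(range(1025, 1051))  # all distinct, but perfectly predictable
RANDOM_PORTS = [61012, 3287, 49511, 22874, 5102, 58133, 17004, 40216, 33190,
                9931, 64501, 28412, 1107, 52699, 45055, 13840, 37772, 8241,
                60319, 25500, 19086, 55643, 30981, 2414, 47328, 14669]


def score_ports(ports: List[int]) -> Tuple[int, float, str]:
    """Return (distinct ports, population std dev, verdict) for observed ports.

    A patched resolver is only protected if the ports that leave the network
    edge are unpredictable; a NAT that collapses or sequences them undoes it.
    Thresholds (5000) are an assumption, not the dns-oarc scoring rules.
    """
    distinct = len(set(ports))
    spread = float(statistics.pstdev(ports)) if len(ports) > 1 else 0.0
    # A NAT handing out ports sequentially yields distinct ports with a
    # constant step, which is as guessable as a single fixed port.
    steps = {b - a for a, b in zip(ports, ports[1:])}
    if distinct <= 1 or len(steps) == 1:
        verdict = "POOR"
    elif spread < 5000:
        verdict = "FAIR"
    else:
        verdict = "GOOD"
    return distinct, spread, verdict


def report(label: str, ports: List[int]) -> str:
    """Format one result line in a porttest-like style (format is ours)."""
    distinct, spread, verdict = score_ports(ports)
    return (f"{label}: {verdict}: {len(ports)} queries from {distinct} ports "
            f"with std dev {spread:.0f}")


if __name__ == "__main__":
    for name, sample in (("fixed", FIXED_PORTS),
                         ("sequential", SEQUENTIAL_PORTS),
                         ("random", RANDOM_PORTS)):
        print(report(name, sample))
```

Run the check against ports captured on the outside of the firewall, not on the BIND host itself, since the whole point is what the edge device does to them.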
