Re: increasing DNS message entropy, a solution for NATs
On Thu, 31 Jul 2008, Alex Bligh wrote:
>> Let's face it, most people that would/will be affected won't upgrade
>> their routers, so that's already a lost cause, anyone that does upgrade
>> their NAT solution should do a better job of it and it's not really a
>> DNS issue.
> I am guessing the half-life of ADSL equipment is less than 3 years.
But it can't hurt to educate the vendors so they do it right.
If you're behind a NAT, like I am, and run a DNS server, like I do, and
if you care enough to get it right, like I do, then you replace your
cheap hardware with a proper one anyway.
Let's get lists out of vendors that do it properly/improperly so the problem
will go away.
And I must give you this thought:
Being behind a NAT that passes through port randomness unaffected when
there is no other traffic, other activity behind the NAT can even increase
the randomness of the ports as nobody can "guess" the activity I'm going
to do on my internal network.