> Anyway, my question: Is this enough? Or do I have to upgrade (manually)
> to 9.5.0-Pn? I am talking only about dealing with the Kaminsky
> vulnerability here, not about any other great reasons there may be for
> upgrading.


This:
https://code.launchpad.net/ubuntu/fe...3.4-2ubuntu2.3

....says that Ubuntu has rolled the port randomization changes into
9.3.4 for Feisty. So you should be okay.

BTW, I recommend https://www.dns-oarc.net/oarc/services/dnsentropy for
port randomness testing; it includes a scatter plot graphic, which can
help you spot patterns and clusters that might not be noticed otherwise.
(It alerted me to a serious problem with my NAT router's firmware, so
now I'm proselytizing.)

--
Evan Hunt -- evan_hunt@isc.org
Internet Systems Consortium, Inc.