> Anyway, my question: Is this enough? Or do I have to upgrade (manually)
> to 9.5.0-Pn? I am talking only about dealing with the Kaminsky
> vulnerability here, not about any other great reasons there may be for
> upgrading.


....says that Ubuntu has rolled the port randomization changes into
9.3.4 for Feisty. So you should be okay.

BTW, I recommend https://www.dns-oarc.net/oarc/services/dnsentropy for
port randomness testing; it includes a scatter plot graphic, which can
help you spot patterns and clusters that might not be noticed otherwise.
(It alerted me to a serious problem with my NAT router's firmware, so
now I'm proselytizing.)

Evan Hunt -- evan_hunt@isc.org
Internet Systems Consortium, Inc.