Which O/S do you have???

----- Original Message -----
From: "EL MAAYATI Afaf"
To: "Alan Clegg"
Sent: Tuesday, August 26, 2008 12:18 PM
Subject: RE: DNS cache poisoning attacks

The line " query-source address x port 53;" is already disabled;
And I'm running the new version (beta) of Bind:
#dig +short @ ch version.bind txt

Best Regards,

-----Original Message-----
From: Alan Clegg [mailto:Alan_Clegg@isc.org]
Sent: Tuesday, August 26, 2008 1:12 AM
Cc: bind-users@isc.org
Subject: Re: DNS cache poisoning attacks

EL MAAYATI Afaf wrote:
> Hello,
> As recommended, I've upgraded my DNS server to the version BIND 9.5.1b1. But I
> still have the message indicating that my server is still vulnerable
> # dig @ +short porttest.dns-oarc.net txt
> Porttest.y.x.w.v.u.t.s.r.q.p.o.n.m.l.k.j.i.h.g.f.e.d.c.b.a.pt.dns-oarc.n
> " is POOR: 26 queries in 6.4 seconds from 1 ports with std dev 0"
> Is there anything that I've missed?

Do you have a line similar to:

query-source address x port 53;

If so, change it to:

query-source address x port *;

Or get rid of it completely.

If you don't have a line like this, you may have an issue with a
firewall that "un-randomizes" your queries.

The other thing that you may want to check is if you are actually
running the correct version of named. Check using:

dig +short @ version.bind ch txt
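
The two checks discussed in this thread, as an added Python example that is not part of the original messages: it scans named.conf text for a `query-source` statement that pins the source port and parses the porttest result line. The function names, the sample configuration and the 192.0.2.1 address are constructed for illustration.

```python
import re

# Constructed named.conf fragment (192.0.2.1 is a documentation address).
SAMPLE_CONF = """
options {
    directory "/var/named";
    // query-source address 192.0.2.1 port 5353;   (commented out: ignored)
    query-source address 192.0.2.1 port 53;
    query-source-v6 address * port *;
};
"""

# Result line in the shape quoted in the thread; the address is constructed.
SAMPLE_TXT = '"192.0.2.1 is POOR: 26 queries in 6.4 seconds from 1 ports with std dev 0"'

_COMMENTS = re.compile(r"/\*.*?\*/|//[^\n]*|#[^\n]*", re.DOTALL)
_QSRC = re.compile(r"\b(query-source(?:-v6)?)\s([^;]*);")
_RESULT = re.compile(r"is (\w+): (\d+) queries in ([\d.]+) seconds "
                     r"from (\d+) ports with std dev ([\d.]+)")


def fixed_port_statements(conf_text):
    """Return (statement, port) for every query-source line pinning a port."""
    text = _COMMENTS.sub("", conf_text)  # simplification: ignores quoted strings
    found = []
    for name, body in _QSRC.findall(text):
        m = re.search(r"\bport\s+(\d+)", body)  # 'port *' does not match
        if m:
            found.append((name, int(m.group(1))))
    return found


def parse_porttest(txt):
    """Extract rating and port statistics from a porttest TXT answer."""
    m = _RESULT.search(txt)
    if not m:
        return None
    return {"rating": m.group(1), "queries": int(m.group(2)),
            "seconds": float(m.group(3)), "ports": int(m.group(4)),
            "stddev": float(m.group(5))}


if __name__ == "__main__":
    pinned = fixed_port_statements(SAMPLE_CONF)
    result = parse_porttest(SAMPLE_TXT)
    for name, port in pinned:
        print(f"{name} pins source port {port}: use 'port *' or remove the line")
    if result and result["ports"] == 1 and not pinned:
        print("single source port but nothing pinned: check NAT/firewall in the path")
```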