
Story: How To Patch BIND9 Against DNS Cache Poisoning (Debian/Fedora/CentOS)
Total Replies: 5
herzeleid

Jul 29, 2008
11:10 AM EDT
for debian based distros:

apt-get update;apt-get upgrade

Sander_Marechal

Jul 29, 2008
11:47 AM EDT
Almost. You need to enable dnssec as well :-)
tuxchick

Jul 29, 2008
1:51 PM EDT
Sander, what does 'enable dnssec' mean? Is there an actual working implementation we can use? Or is that sly geek humor? A number of "tech" reporters have said the same thing, which is why I wonder if it's real :)
Sander_Marechal

Jul 29, 2008
2:14 PM EDT
@tc: From the article:

Quoting: Afterwards open /etc/bind/named.conf and modify the options section. [...] you should add "dnssec-enable yes;" - this makes BIND answer queries on random ports, which are harder for hackers to guess


Of course, this assumes that someone who runs BIND has modified /etc/bind/named.conf and thus will not simply install the package maintainer's version.
herzeleid

Jul 29, 2008
4:47 PM EDT
Quoting: Afterwards open /etc/bind/named.conf and modify the options section. [...] you should add "dnssec-enable yes;" - this makes BIND answer queries on random ports, which are harder for hackers to guess
I never specifically enabled dnssec nor mention it anywhere in named.conf, and yet the dns security test sites claim that my name servers "passed" or show "excellent" port randomization...
hughesjr

Jul 30, 2008
6:25 AM EDT
dnssec (at least in CentOS) is not required to enable random ports.

The only thing that is required is:

yum update

and then to edit /etc/named.conf and verify that you do not have any active rules that include "query-source" (here is an example):

query-source address * port 53;

That rule will make the outbound port be 53 for all queries.

dnssec is a very complicated set up .. though that is recommended ... but JUST enabling one rule in named.conf is not going to cut it :-D

http://www.dnssec.net/

http://www.dnssec-tools.org/wiki/index.php/Authoritative_Ser...
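An added example, not from this thread or from the BIND project, that automates the check hughesjr describes: it scans named.conf text for query-source / query-source-v6 directives that pin the outbound port (the weak setting) and rewrites them to "port *", which lets BIND pick a random source port per query. The sample configuration is constructed for the example.

```python
import re

# Matches "query-source"/"query-source-v6" directives up to the terminating ';'
DIRECTIVE_RE = re.compile(r'\b(query-source(?:-v6)?)\s+([^;]*?);', re.IGNORECASE)
# Captures the port argument: either a number (pinned) or '*' (random, the safe default)
PORT_RE = re.compile(r'\bport\s+(\*|\d+)', re.IGNORECASE)

def strip_comments(text):
    """Drop /* */, // and # comments so commented-out directives are not flagged."""
    text = re.sub(r'/\*.*?\*/', '', text, flags=re.DOTALL)
    text = re.sub(r'(//|#)[^\n]*', '', text)
    return text

def find_fixed_ports(conf_text):
    """Return [(directive, port)] for each query-source directive that pins the
    outbound source port to one number (e.g. 53), i.e. no port randomization."""
    findings = []
    for m in DIRECTIVE_RE.finditer(strip_comments(conf_text)):
        port = PORT_RE.search(m.group(2))
        if port and port.group(1) != '*':
            findings.append((m.group(1).lower(), int(port.group(1))))
    return findings

def fix_fixed_ports(conf_text):
    """Rewrite pinned ports to 'port *' so BIND chooses a random source port
    per query. Works line by line and leaves //- and #-commented lines alone."""
    def rewrite(m):
        args = PORT_RE.sub(lambda p: 'port *', m.group(2))
        return f"{m.group(1)} {args};"
    out = []
    for line in conf_text.splitlines(keepends=True):
        if line.lstrip().startswith(('//', '#')):
            out.append(line)
        else:
            out.append(DIRECTIVE_RE.sub(rewrite, line))
    return ''.join(out)

# Constructed sample: a CentOS-style /etc/named.conf carrying the weak setting.
WEAK_CONF = """\
options {
    directory "/var/named";
    // query-source address * port 5353;   <- disabled, must not be reported
    query-source address * port 53;        // pins every outbound query to 53
    query-source-v6 address * port 53;
};
"""

if __name__ == "__main__":
    print(find_fixed_ports(WEAK_CONF))   # [('query-source', 53), ('query-source-v6', 53)]
    print(fix_fixed_ports(WEAK_CONF))
```

Run it against a real file with `find_fixed_ports(open('/etc/named.conf').read())`; an empty list means no directive pins the port, which is the condition hughesjr's "yum update" fix depends on.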
