r impossible depending on the client).
By forcing the source port for recursive requests to a given fixed
one, do you not make yourself more vulnerable to the spoofing attacks
you were talking about, because the attacker does not have to predict
the source port of the query ?
--
Thomas Seyrat.
atter of IP filtering but also in BIND's own
configuration (using allow-query and allow-recursion sets).
Authoritative name serving is a totally different matter, since you
can not predict the source adress.
--
Thomas Seyrat.
2 matches
Mail list logo
