[Gllug] DNS security problem and broadband modems
Alain Williams
addw at phcomp.co.uk
Fri Jul 25 18:40:00 UTC 2008
Well, I patched my bind on my machine and I still get poor results:
$ dig +short @127.0.0.1 porttest.dns-oarc.net TXT
z.y.x.w.v.u.t.s.r.q.p.o.n.m.l.k.j.i.h.g.f.e.d.c.b.a.pt.dns-oarc.net.
"213.152.38.186 is POOR: 26 queries in 4.3 seconds from 26 ports with std dev 7.65"
Do that on another machine with the same version of bind and I get:
z.y.x.w.v.u.t.s.r.q.p.o.n.m.l.k.j.i.h.g.f.e.d.c.b.a.pt.dns-oarc.net.
"80.68.91.63 is GOOD: 26 queries in 4.1 seconds from 26 ports with std dev 20942.79"
The difference is that the first machine is my home machine, sitting on a broadband connection;
the second is in Telehouse (or somewhere). My broadband modem has a NATting firewall on it
(I also run a firewall on my home server [**]); this seems to be 'undoing' the port randomisation
that the latest bind does. If I look at the local port numbers that bind uses (with tcpdump),
I can see that it is using port numbers all over the place; this smells very much like
an issue with the broadband modem (a D-Link DSL-604+).
Question: either:
1) how do I get round this problem? I have played with the D-Link config and don't think that
I can do it there.
or:
2) what new broadband modem should I get? I probably ought to get one anyway, to be able to
upgrade the speed that I am getting.
TIA
[**]: I took it down for 10 seconds to be 100% sure that that was not the culprit.
--
Alain Williams
Linux Consultant - Mail systems, Web sites, Networking, Programmer, IT Lecturer.
+44 (0) 787 668 0256 http://www.phcomp.co.uk/
Parliament Hill Computers Ltd. Registration Information: http://www.phcomp.co.uk/contact.php
Chairman of UKUUG: http://www.ukuug.org/
#include <std_disclaimer.h>
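The diagnosis described in the post (bind's source ports look random on the LAN side under tcpdump, yet porttest.dns-oarc.net reports a tiny standard deviation) can be automated. The following is an added example, not code from the post or from DNS-OARC: it pulls the outbound query source ports out of tcpdump text, computes their spread, parses the porttest TXT answer, and says whether the problem is the resolver itself or a NAT device rewriting ports in between. The tcpdump lines are constructed samples, not real captures, and the LOW_SPREAD threshold is an illustrative assumption rather than DNS-OARC's grading rule.

```python
"""Check DNS source-port randomisation locally vs. as seen by porttest.dns-oarc.net."""
import re
import statistics

# Constructed tcpdump-style sample (not a real capture): what a patched bind
# looks like on the LAN side, with source ports scattered across the range.
# The last line is a reply and must be ignored by the parser.
LAN_CAPTURE = """\
18:40:01.101 IP 192.168.1.10.41872 > 204.69.234.1.53: 52132+ A? a.example. (27)
18:40:01.254 IP 192.168.1.10.9731 > 204.69.234.1.53: 52133+ A? b.example. (27)
18:40:01.402 IP 192.168.1.10.60113 > 204.69.234.1.53: 52134+ A? c.example. (27)
18:40:01.559 IP 192.168.1.10.23098 > 204.69.234.1.53: 52135+ A? d.example. (27)
18:40:01.703 IP 192.168.1.10.51244 > 204.69.234.1.53: 52136+ A? e.example. (27)
18:40:01.850 IP 192.168.1.10.3350 > 204.69.234.1.53: 52137+ A? f.example. (27)
18:40:01.991 IP 204.69.234.1.53 > 192.168.1.10.41872: 52132 1/0/0 A 192.0.2.1 (43)
"""

# Constructed: the same six queries as a NAT box handing out sequential
# source ports would emit them on the WAN side.
WAN_CAPTURE = """\
18:40:01.102 IP 203.0.113.7.1025 > 204.69.234.1.53: 52132+ A? a.example. (27)
18:40:01.255 IP 203.0.113.7.1026 > 204.69.234.1.53: 52133+ A? b.example. (27)
18:40:01.403 IP 203.0.113.7.1027 > 204.69.234.1.53: 52134+ A? c.example. (27)
18:40:01.560 IP 203.0.113.7.1028 > 204.69.234.1.53: 52135+ A? d.example. (27)
18:40:01.704 IP 203.0.113.7.1029 > 204.69.234.1.53: 52136+ A? e.example. (27)
18:40:01.851 IP 203.0.113.7.1030 > 204.69.234.1.53: 52137+ A? f.example. (27)
"""

# Outbound UDP query: "IP <src>.<sport> > <dst>.53: ..."; replies have 53 on the left.
QUERY_RE = re.compile(r"IP \d+\.\d+\.\d+\.\d+\.(\d+) > \d+\.\d+\.\d+\.\d+\.53: ")

# The TXT record returned by porttest.dns-oarc.net, as quoted in the post.
PORTTEST_RE = re.compile(
    r'"(?P<addr>\S+) is (?P<grade>\w+): (?P<queries>\d+) queries in '
    r'(?P<secs>[\d.]+) seconds from (?P<ports>\d+) ports with std dev '
    r'(?P<stddev>[\d.]+)"'
)

# Assumed cut-off for "ports are effectively sequential"; not DNS-OARC's grading.
LOW_SPREAD = 1000.0


def source_ports(capture):
    """Source ports of the outbound queries to port 53 in tcpdump text."""
    return [int(m.group(1)) for m in QUERY_RE.finditer(capture)]


def port_stddev(ports):
    """Population standard deviation of the ports; 0.0 if fewer than two."""
    return statistics.pstdev(ports) if len(ports) > 1 else 0.0


def parse_porttest(txt):
    """Pull the fields out of a porttest TXT answer."""
    m = PORTTEST_RE.search(txt)
    if not m:
        raise ValueError("not a porttest.dns-oarc.net TXT answer")
    return {
        "addr": m["addr"], "grade": m["grade"],
        "queries": int(m["queries"]), "ports": int(m["ports"]),
        "stddev": float(m["stddev"]),
    }


def diagnose(lan_ports, porttest_txt):
    """Locate the loss of randomisation: the resolver, the path (NAT), or neither."""
    local = port_stddev(lan_ports)
    remote = parse_porttest(porttest_txt)["stddev"]
    if local < LOW_SPREAD:
        return "resolver"   # bind itself is not randomising source ports
    if remote < LOW_SPREAD:
        return "nat"        # random on the LAN, sequential as seen from outside
    return "ok"


if __name__ == "__main__":
    poor = '"213.152.38.186 is POOR: 26 queries in 4.3 seconds from 26 ports with std dev 7.65"'
    print("LAN std dev: %.2f" % port_stddev(source_ports(LAN_CAPTURE)))
    print("WAN std dev: %.2f" % port_stddev(source_ports(WAN_CAPTURE)))
    print("verdict:", diagnose(source_ports(LAN_CAPTURE), poor))
```

Run tcpdump on the resolver's own interface (port 53 outbound) to feed `LAN_CAPTURE`; the porttest answer stands in for a capture on the WAN side, which most people cannot take on a consumer modem. A "nat" verdict with a good local spread is exactly the pattern in the post: the resolver is fixed, the modem is not.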