Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Wed, 09 Jul 2008 14:07:01 +0200
From: Matthias Geerdsen <>
Subject: DNS vulnerability: other relevant software


looking at some of the DNS related software in our tree, I thought it 
might be nice to keep track of any findings of affected and unaffected 
So here is a start:

- posadis [1]:
	has not seen an update since dec 2004; I could not find 	any info on 
port randomization etc., but considering the age it might probably have 
other issues too.

- dnsmasq [2]:
	no port randomization [3]

- pdnsd [4]:
	no info yet

- MaraDNS [5]:
	"MaraDNS uses a strong secure RNG for both the query (16 bits of 
entropy) and the source port of the query (12 bits of entropy). This 
makes spoofing replies to a MaraDNS server more difficult, since the 
attacker has only a one in 250 million chance that a given spoofed reply 
will be considered valid." [6]

- MyDNS [7]:
	"MyDNS does not include recursive name service, nor a resolver library."
	also this thread [8]

- DNRD [9]: "Uses random source port and random query ID's to prevent 
cache poisoning."


[1] <>
[2] <>
[4] <>
[5] <>
[6] <>
[7] <>
[9] <>

Matthias Geerdsen (vorlon)

Gentoo Linux Security Team

Download attachment "signature.asc" of type "application/pgp-signature" (190 bytes)

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.