The solution is apparently to start using randomly selected UDP source ports on the nameserver when answering DNS requests. Well, with this solution the new problem has already been created: "Vulnerability in IANA root servers, servers go down after UDP port storm." The only sensible solution is to create a hierarchical slaves.conf access list. WHO is allowed recursive access to higher-up bind servers? Besides selection using IP numbers, one can also be awarded with a valid DNS SEC hmac-md5 key. OK, I know this is Big Brother style stuff. But I don't know of any DNS hackers who like to leave their identity inside nameserver logs.