oss-sec mailing list archives

DNS vulnerability: other relevant software


From: Matthias Geerdsen <vorlon () gentoo org>
Date: Wed, 09 Jul 2008 14:07:01 +0200

Hi,

Looking at some of the DNS-related software in our tree, I thought it might be nice to keep track of any findings of affected and unaffected packages...
So here is a start:

- posadis [1]:
        has not seen an update since Dec 2004; I could not find any info on port randomization etc., but considering the age it probably has other issues too.

- dnsmasq [2]:
        no port randomization [3]

- pdnsd [4]:
        no info yet

- MaraDNS [5]:
        "MaraDNS uses a strong secure RNG for both the query (16 bits of entropy) and the source port of the query (12 bits of entropy). This makes spoofing replies to a MaraDNS server more difficult, since the attacker has only a one in 250 million chance that a given spoofed reply will be considered valid." [6]

- MyDNS [7]:
        "MyDNS does not include recursive name service, nor a resolver library."
        also this thread [8]

- DNRD [9]:
        "Uses random source port and random query ID's to prevent cache poisoning."

Matthias



[1] <http://posadis.sourceforge.net/>
[2] <http://www.thekelleys.org.uk/dnsmasq/doc>
[3] <http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2008q3/002147.html>
[4] <http://www.phys.uu.nl/~rombouts/pdnsd/>
[5] <http://www.maradns.org/>
[6] <http://www.maradns.org/tutorial/man.maradns.html>
[7] <http://mydns.bboy.net/>
[8] <http://sourceforge.net/mailarchive/forum.php?thread_name=714ef0060807081802h4e52a70ak4f52e06c11e2abfe%40mail.gmail.com&forum_name=mydns-users>
[9] <http://dnrd.sourceforge.net/>


--
Matthias Geerdsen (vorlon)

Gentoo Linux Security Team
http://security.gentoo.org
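The post above sorts resolvers by whether they randomize the source port and the query ID, and the MaraDNS quote turns those two entropy figures (16 + 12 bits) into the odds that one blind spoofed reply is accepted. The script below is an added example, not part of the original post or of any of the listed projects: it takes (source port, transaction ID) pairs as an operator would observe them from their own resolver's outbound queries, flags a fixed port or a counter-style ID, and computes the per-reply acceptance probability from the bit counts. The sample data is constructed (a fixed seed, no real captures) and the `min_distinct_ratio` and `max_sequential` thresholds are assumptions chosen for illustration.

```python
"""Sanity-check a resolver's outbound query unpredictability from observed
(source_port, transaction_id) pairs, and turn entropy bits into the odds that
a single blind spoofed reply is accepted.

Constructed sample data only (no real captures); the thresholds in assess()
are assumptions chosen for illustration."""
import math
import random
from collections import Counter


def sequential_fraction(values):
    """Share of consecutive samples that increase by exactly 1: a counter, not an RNG."""
    if len(values) < 2:
        return 0.0
    steps = sum(1 for a, b in zip(values, values[1:]) if b - a == 1)
    return steps / (len(values) - 1)


def shannon_bits(values):
    """Shannon entropy (bits) of the observed distribution.

    With n samples this can never exceed log2(n), so it is only a lower bound on
    what the resolver really uses; it is still enough to expose a fixed port or
    a near-constant ID."""
    n = len(values)
    return -sum((c / n) * math.log2(c / n) for c in Counter(values).values())


def assess(observations, min_distinct_ratio=0.8, max_sequential=0.1):
    """Summarise port and ID behaviour for a list of (port, txid) tuples.

    min_distinct_ratio and max_sequential are assumed thresholds, not standards."""
    ports = [p for p, _ in observations]
    txids = [t for _, t in observations]
    n = len(observations)
    report = {
        "samples": n,
        "distinct_ports": len(set(ports)),
        "port_bits_observed": shannon_bits(ports),
        "port_sequential": sequential_fraction(ports),
        "distinct_txids": len(set(txids)),
        "txid_bits_observed": shannon_bits(txids),
        "txid_sequential": sequential_fraction(txids),
    }
    report["port_randomized"] = (
        report["distinct_ports"] >= min_distinct_ratio * n
        and report["port_sequential"] <= max_sequential
    )
    report["txid_randomized"] = (
        report["distinct_txids"] >= min_distinct_ratio * n
        and report["txid_sequential"] <= max_sequential
    )
    return report


def spoof_chance(txid_bits, port_bits, forged_replies=1):
    """Probability that at least one of forged_replies blind guesses matches both
    the transaction ID and the source port, given their entropy in bits."""
    per_reply = 2.0 ** -(txid_bits + port_bits)
    return 1.0 - (1.0 - per_reply) ** forged_replies


# --- constructed samples -----------------------------------------------------
# Weak resolver: always sends from port 53 and uses a simple counter for the ID.
WEAK = [(53, 0x1A2B + i) for i in range(64)]

# Strong resolver: random ephemeral port (1024-65535) and random 16-bit ID.
_rng = random.Random(12345)  # fixed seed so the constructed sample is reproducible
STRONG = [(_rng.randint(1024, 65535), _rng.randint(0, 0xFFFF)) for _ in range(64)]


if __name__ == "__main__":
    for name, sample in (("weak", WEAK), ("strong", STRONG)):
        r = assess(sample)
        print(f"{name}: port randomized={r['port_randomized']} "
              f"({r['distinct_ports']} distinct, {r['port_bits_observed']:.1f} bits seen), "
              f"txid randomized={r['txid_randomized']}")
    # The MaraDNS figures quoted in the post: 16-bit ID plus 12-bit port.
    print(f"1 in {1 / spoof_chance(16, 12):,.0f} per forged reply with 28 bits")
    print(f"1 in {1 / spoof_chance(16, 0):,.0f} per forged reply with a fixed port")
```

With only 64 samples the observed entropy caps at 6 bits, so the script cannot confirm the full 12 or 16 bits a resolver claims; what it does reliably is catch the failure modes in the post (a fixed port, or IDs that step by one). The 28-bit case evaluates to one in 268,435,456, which is the "one in 250 million" figure the MaraDNS documentation rounds to.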


