Attila Bruncsak (Login bruncsak) Posted Jul 10, 2008 9:58 AM
Most of the DNS servers and resolver library going to be updated due to the yesterday's disclosure of the weak security of DNS protocol against of the DNS cache poisoning attack via spoofed answer packets. Since the cryptographically strong randomization of the source port is a used workaround to improve on that security problem, it is going to be even more difficult to debug DNS related problems if a router blocks the IP packets if their source port is outside of a given arbitrary range. Is it possible to improve on the web interface to optionally fix the source port for the query? That would greatly improve on the dnscheck tool.