DNS Cache poisoning - how to protect myself?

Hello!

I recently found out that my server appears vulnerable to DNS Cache Poisoning. I've read the posts in the forum about that issue, but I couldn't find exact fix.

I have the most recent versions of bind:

# rpm -qa | grep ^bind
bind-libs-9.3.4-6.0.2.P1.el5_2
bind-9.3.4-6.0.2.P1.el5_2
bind-devel-9.3.4-6.0.2.P1.el5_2
bind-utils-9.3.4-6.0.2.P1.el5_2

When I try
# yum update bind
it comes out:
No Packages marked for Update

What can I do to fix the vulnerability?

Thanks a lot for the answers!

 

Thanks, Vinsar!

I compared the configuration, it doesn't seam to differ as much. Here is my configuration:

Code:

acl "abusers" {
        212.72.210.131;
};

acl "trusted-nameservers" {
        localhost;
        195.145.63.120;
        216.75.158.130;
};

acl "live-sites" {
        213.226.56.240;
};


key "rndc-key" {
        algorithm hmac-md5;
        secret "qSTHkfjemt1Bu77fWw4p/A==";
};
controls {
        inet 127.0.0.1 port 953
        allow { 127.0.0.1; } keys { "rndc-key"; };
};

acl "my-nameservers" {
        localhost;
        195.145.63.120;
        216.75.158.130;
};

server 194.145.63.120 {
        transfer-format many-answers;
        keys { prim-sec1 ; };
};

options {
        directory "/etc/namedb";
        allow-transfer { trusted-nameservers; };

        allow-recursion { 127.0.0.1; 195.145.63.120; 216.75.158.130; };
        blackhole { abusers; };
        version "Guess what? no luck dude!";
};

logging {
        channel security { file "/var/log/sec-query.log"; print-time yes; };
        channel querylog { file "/var/log/bind9-query.log"; print-time yes; };
        category queries { querylog; };
        category lame-servers { null; };
        category security { security; };
};

... and below are the zones.
195.145.63.120 is the IP of the server, and 216.75.158.130 is the IP of the master DNS (195.145.63.120 works as a slave server).

Is there anything wrong in the configuration?

Thanks again!

 

I've tested with the test tool on dnsstuff.com and is says:

The DNS server at IP address 195.145.63.120 is susceptible to a DNS cache poisoning attack. The server is not changing its source port, query id, or both, between queries.
Based on the results, the DNS server is vulnerable if the IPs AND the source ports match, or the query IDs match. Matching query source ports or query IDs make it easier to spoof fake results to the DNS server, poisoning its cache.

With other servers the query souce ports do not match. How can I set my named that the source ports not match?

Thanks in advance!

 

Thank you again!

I've tried that, but no success

I just want the source ports of the queries to be different. I've set query-source port *; in the options section, but no success again ...

What more can I try?

Thanks a lot again!

 

I just reinstalled BIND with the new patched version and the problem was solved. Thanks for the help!