> Right, but c-ares isn't setting the source port to anything AFAIK so it uses
> the random port provided by the OS. I believe the problems in some other
> implementations were because they explicitly set the source port number.

Actually, that (was) the problem with BIND. It was setting a source
port and was reusing it. The randomization of the source port can be
accomplished for some sockets with various tunables (e.g. on FreeBSD,
sysctl net.inet.ip.portrange.randomized=1). However, BIND was not
subject to this for some reason.

c-ares isn't a DNS _server_ is it? If not, this vulnerability really
does not affect it at all. It's nameservers that respond to queries
with the same source port (or with a trivially predictable source
port) that is the problem, not the source port used for client
queries. :)

Josh

Received on 2008-07-14
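
The thread turns on whether a socket that never sets its own source port gets an unpredictable one from the OS. The following is an added example, not part of the original message and not c-ares code, that samples kernel-assigned UDP source ports and counts distinct values and +1 steps. The names `os_assigned_port`, `sample_ports` and `port_stats` are hypothetical, and binding to port 0 is used as a stand-in for the kernel's implicit port selection on an unbound socket.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Ask the kernel for an ephemeral UDP source port by binding to port 0
 * (assumption: same selection the kernel makes for a socket that never
 * calls bind()). Returns the port in host order, or 0 on failure. */
unsigned os_assigned_port(void)
{
    struct sockaddr_in a;
    socklen_t len = sizeof(a);
    unsigned port = 0;
    int fd = socket(AF_INET, SOCK_DGRAM, 0);
    if (fd < 0) return 0;
    memset(&a, 0, sizeof(a));
    a.sin_family = AF_INET;
    a.sin_addr.s_addr = htonl(INADDR_ANY);
    a.sin_port = htons(0);                 /* 0 = let the OS choose */
    if (bind(fd, (struct sockaddr *)&a, sizeof(a)) == 0 &&
        getsockname(fd, (struct sockaddr *)&a, &len) == 0)
        port = ntohs(a.sin_port);
    close(fd);                             /* one socket per sample */
    return port;
}

struct port_stats { int samples, distinct, sequential; };

/* Sample n ports; count distinct values and steps of exactly +1. */
struct port_stats sample_ports(int n)
{
    static unsigned char seen[65536];
    struct port_stats s = {0, 0, 0};
    unsigned prev = 0;
    memset(seen, 0, sizeof(seen));
    for (int i = 0; i < n; i++) {
        unsigned p = os_assigned_port();
        if (p == 0) continue;              /* skip failed samples */
        s.samples++;
        if (!seen[p]) { seen[p] = 1; s.distinct++; }
        if (prev && p == prev + 1) s.sequential++;
        prev = p;
    }
    return s;
}

int main(void)
{
    struct port_stats s = sample_ports(256);
    printf("samples=%d distinct=%d sequential_steps=%d\n", s.samples, s.distinct, s.sequential);
    return 0;
}
```

Many +1 steps or very few distinct values indicate a sequential or fixed allocator; the result depends on the OS and on tunables such as the FreeBSD sysctl mentioned in the message.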