DNS take action - THE OFFICIAL BLOG OF THE SBS "DIVA"
Tue, Jul 22 2008 23:16 bradley

DNS take action

SANS Internet Storm Center; Cooperative Network Security Community - Internet Security - isc:
http://isc.sans.org/diary.html?storyid=4765

If you have not patched for DNS because you've heard of the DNS patching issues, flip your DNS forwarders to www.opendns.org

Full instructions on how to point your forwarders to them are on their web site. For SBS'ers it's more important that we forward to a trusted DNS provider or use root hints. I'm not downplaying the patch, but if you are holding back on this, take some sort of action and ensure that your ISP's DNS is patched. If you are unsure, you can run this test on Dan's site http://www.doxpara.com/?p=1176 but OpenDNS may be safer over the long haul.

# re: DNS take action

Wednesday, July 23, 2008 9:53 AM by HandyAndy

OK Susan, so which is better, OpenDNS or no forwarders at all?

When you give us newbees directions that say do this or do that, please prioritize this or that so we know which is the most preferred method.

Thx,

the newbee

# re: DNS take action

Wednesday, July 23, 2008 10:15 AM by surge

I've run the test and get this:

Your name server, at IP, may be safe, but the NAT/Firewall in front of it appears to be interfering with its port selection policy. The difference between largest port and smallest port was only 28.

Does this mean my WatchGuard firewall is not patched correctly?
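
The test result quoted in the comment above reports a source-port spread of only 28. As an added example (not from the original post, its commenters, or the doxpara test), this sketch computes the same measurement from DNS queries captured on the Internet side of the firewall, so a resolver that randomizes its ports can be told apart from one whose ports are being rewritten by NAT. The capture lines, addresses, and thresholds are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed tcpdump-style sample of outbound DNS queries, as seen on the
# Internet side of the firewall. Addresses are documentation ranges.
SAMPLE = """\
10:15:01.10 IP 203.0.113.10.1061 > 198.51.100.53.53: 4242+ A? a.example. (27)
10:15:01.35 IP 203.0.113.10.1066 > 198.51.100.53.53: 9127+ A? b.example. (27)
10:15:01.62 IP 203.0.113.10.1070 > 198.51.100.53.53: 1880+ A? c.example. (27)
10:15:01.90 IP 203.0.113.10.1077 > 198.51.100.53.53: 6003+ A? d.example. (27)
10:15:02.14 IP 203.0.113.10.1083 > 198.51.100.53.53: 3371+ A? e.example. (27)
10:15:02.41 IP 203.0.113.10.1089 > 198.51.100.53.53: 7755+ A? f.example. (27)
10:15:03.02 IP 203.0.113.20.49811 > 198.51.100.53.53: 5120+ A? a.example. (27)
10:15:03.30 IP 203.0.113.20.2317 > 198.51.100.53.53: 8841+ A? b.example. (27)
10:15:03.57 IP 203.0.113.20.33502 > 198.51.100.53.53: 1209+ A? c.example. (27)
10:15:03.81 IP 203.0.113.20.61004 > 198.51.100.53.53: 6634+ A? d.example. (27)
10:15:04.09 IP 203.0.113.20.15790 > 198.51.100.53.53: 2978+ A? e.example. (27)
10:15:04.36 IP 203.0.113.20.40233 > 198.51.100.53.53: 9456+ A? f.example. (27)
"""

LINE = re.compile(r"IP (\d+(?:\.\d+){3})\.(\d+) > \S+\.53: ")

def source_ports(capture):
    """Group UDP source ports by querying address, in the order seen."""
    ports = defaultdict(list)
    for line in capture.splitlines():
        m = LINE.search(line)
        if m:
            ports[m.group(1)].append(int(m.group(2)))
    return ports

def assess(ports, min_samples=5, min_spread=10000, max_step=16):
    """Thresholds are illustrative assumptions, not the doxpara test's own."""
    if len(ports) < min_samples:
        return {"spread": None, "sequential": None, "verdict": "too few samples"}
    spread = max(ports) - min(ports)
    steps = [b - a for a, b in zip(ports, ports[1:])]
    sequential = all(0 < s <= max_step for s in steps)  # small upward steps only
    verdict = "predictable" if spread < min_spread or sequential else "randomized"
    return {"spread": spread, "sequential": sequential, "verdict": verdict}

def report(capture):
    return {src: assess(p) for src, p in source_ports(capture).items()}

if __name__ == "__main__":
    for src, result in report(SAMPLE).items():
        print(src, result)
```

Comparing a capture taken on the inside of the firewall with one taken on the outside shows whether the resolver or the NAT device is the one producing the narrow range.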