m0n0wall & DNS Vulnerability

It appears that Dan Kaminsky’s DNS vulnerability is now out in the open. Or maybe it isn’t. Who knows. There was a lot of noise about vendors and ISPs dealing with patches, etc.

Happily, it appears that m0n0wall is not significantly affected. Manuel Kasper made a post on the user mailing list some time ago announcing v1.3b13-pre with an update to Dnsmasq. I installed this today without incident.

Words cannot express how much I appreciate m0n0wall. It’s simply fantastic for SOHO situations like my office.

  1. A related note, with the new DNS port randomization some people are having problems with SIP/RTP configurations and wide UDP port forwardings, like Asterisk’s default of 10000-20000.

    The result is random DNS failures when it collides with the wide RTP port forwards.

    A solution is to reduce the size of your RTP port range in rtp.conf (rtpstart and rtpend) and your inbound NAT forwarding settings in m0n0wall.
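An added example, not from the post, the commenter, or m0n0wall, that puts a number on the collision described in the comment above: given the range a resolver randomizes DNS source ports over and the inbound UDP forwards on the firewall, it reports what fraction of queries would have their reply steered into a forward instead of back to the resolver, before and after trimming the RTP range. The resolver's source-port range (1024-65535) and the rule values are constructed assumptions.

```python
# Added example, not from the post or m0n0wall: estimate how often a DNS query
# whose source port is randomized over a given range collides with an inbound
# UDP port forward (the failure mode in the comment above). The resolver's
# source-port range and the forward rules below are constructed assumptions.
from typing import Dict, Iterable, List, Tuple

PortRange = Tuple[int, int]  # inclusive (low, high)

def overlap(a: PortRange, b: PortRange) -> int:
    """Number of ports present in both inclusive ranges."""
    lo, hi = max(a[0], b[0]), min(a[1], b[1])
    return max(0, hi - lo + 1)

def merge_ranges(ranges: Iterable[PortRange]) -> List[PortRange]:
    """Merge overlapping or adjacent ranges so no port is counted twice."""
    merged: List[PortRange] = []
    for lo, hi in sorted(ranges):
        if merged and lo <= merged[-1][1] + 1:
            merged[-1] = (merged[-1][0], max(merged[-1][1], hi))
        else:
            merged.append((lo, hi))
    return merged

def collision_probability(dns_ports: PortRange, forwards: Iterable[PortRange]) -> float:
    """Fraction of randomized DNS source ports that land inside a UDP forward.
    A reply to such a query is handed to the forward target instead of the
    resolver, so this is roughly the per-query failure rate."""
    total = dns_ports[1] - dns_ports[0] + 1
    hit = sum(overlap(dns_ports, r) for r in merge_ranges(forwards))
    return hit / total

def conflicting_forwards(dns_ports: PortRange, forwards: Dict[str, PortRange]) -> List[str]:
    """Names of forward rules that overlap the DNS source-port range."""
    return [name for name, r in forwards.items() if overlap(dns_ports, r) > 0]

if __name__ == "__main__":
    dns_ports = (1024, 65535)  # assumed randomized source-port range
    before = {"sip": (5060, 5060), "rtp": (10000, 20000)}  # Asterisk default rtp.conf
    after = {"sip": (5060, 5060), "rtp": (10000, 10200)}   # trimmed rtpstart/rtpend
    for label, rules in (("before", before), ("after", after)):
        p = collision_probability(dns_ports, rules.values())
        print(f"{label}: {p:.2%} of queries collide; overlapping rules: "
              f"{conflicting_forwards(dns_ports, rules)}")
```

Even a single forwarded port inside the randomized range is reported, since any overlap can swallow a reply; the point of shrinking the RTP range is to make that fraction small enough not to notice.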


