On 7/9/2008 at 5:58 AM Steve Tornio wrote:
|On Jul 9, 2008, at 4:53 AM, Rod Whitworth wrote:

|>

|>

|> # tcpdump -nettti rl0 dst port 53

|> tcpdump: listening on rl0, link-type EN10MB

|> Jul 09 19:48:27.786683 00:01:80:0f:2b:94 00:00:24:c6:18:85 0800 70:

|> 192.168.80.4.16284 > 192.168.80.1.53: 57120+ A? pps.com.au. (28)

|> Jul 09 19:48:43.690332 00:01:80:0f:2b:94 00:00:24:c6:18:85 0800 67:

|> 192.168.80.4.1356 > 192.168.80.1.53: 32536+ A? ibm.com. (25)

|> Jul 09 19:49:11.013223 00:01:80:0f:2b:94 00:00:24:c6:18:85 0800 69:

|> 192.168.80.4.14540 > 192.168.80.1.53: 29420+ A? intel.com. (27)

|> ....

|>

|> # uname -a

|> OpenBSD master.witworx.com 4.3 GENERIC#698 i386

|>

|> Guess again.

|>

|> Was that so hard to try?

|

|I get a different result using the external interface of my caching

|name server, and mine looks vulnerable.

[snip]

|frank# uname -a

|OpenBSD frank.placeholder.com 4.3 GENERIC#698 i386
 =============
fwiw, I used the test on the website (http://www.doxpara.com/) and my OpenBSD

4.3 named server was flagged as vulnerable.