On 2008-09-08, Sunnz  wrote:

quoted text
> 2008/7/20 Mark Shroyer :

>>

>> http://blog.spoofed.org/2008/07/mitigating-dns-cache-poisoning-with-pf.html

>>

>> The configuration line in question:

>>

>>    nat on $WAN_IF inet proto { tcp, udp } from a.b.c.d to any \

>>        port 53 -> a.b.c.d

>>

>> Or, if you have a dynamic IP address on a cable modem, etc.:

>>

>>    nat on $WAN_IF inet proto { tcp, udp } from ($WAN_IF) to any \

>>        port 53 -> ($WAN_IF)

>>

>

> Hey I was trying this today... however I have bind on the OpenDNS

> router that is doing nat itself, so do you know if that would work at

> all?

Yes.
But the patch is now available. You should just patch instead.