DNS vulnerability testing

How to test if your caching nameserver is vulnerable to recently hot cache poisoning issue:

dig @ip_of_your_caching_ns +short porttest.dns-oarc.net TXT


$ dig @ +short porttest.dns-oarc.net TXT
"x.y.z.q is GOOD: 26 queries in 5.0 seconds from 26 ports with std dev 17652.90"

Apache Mod Fastcgi PHP

Default apache running from one UID/GID isn’t too secure. Users can look into all virtuals hosted on server. No one can stop them if PHP/CGI is allowed.

One of solutions of this problem is to run PHP as CGI. With suexec this will allow to run PHP under certain UID/GID. Unfortunately running PHP as CGI slows things down. FastCGI comes with help here.