nanog mailing list archives
how to protect name servers against cache corruption
From: Paul A Vixie <vixie () vix com>
Date: Tue, 22 Jul 1997 13:24:59 -0700
a BIND 4.9.6 or 8.1.1 server is immune. so, you could upgrade. to so do, see http://www.isc.org/isc/ which will lead you to ftp://ftp.isc.org/isc/. (the root name servers are all running modern software at this point.) alternic's corruption works by locating authoritative name servers via the "NS RR"'s published in various zones. if you run these as authoritative- only (recursion disabled) then they will never fetch any data from anywhere. (the root name servers are configured this way, for example.) the downside is that you can't list such nameservers in your "resolv.conf" files or PC equivilents (Control Panel\\Networking\\TCP IP Settings, or some such rot.) this means you need more name servers if you separate recursive from non- recursive.
Current thread:
- how to protect name servers against cache corruption Paul A Vixie (Jul 22)
- Re: how to protect name servers against cache corruption Robert Bowman (Jul 22)
- Re: how to protect name servers against cache corruption Michael Dillon (Jul 22)
- Re: how to protect name servers against cache corruption Deepak Jain (Jul 22)
- Re: how to protect name servers against cache corruption Paul A Vixie (Jul 22)
- Re: how to protect name servers against cache corruption Juergen Georgi (Jul 22)
- Re: how to protect name servers against cache corruption Karl Denninger (Jul 22)
- Re: how to protect name servers against cache corruption tqbf (Jul 29)
- Re: how to protect name servers against cache corruption Paul A Vixie (Jul 29)
- Re: how to protect name servers against cache corruption Thomas H. Ptacek (Jul 29)
- Re: how to protect name servers against cache corruption Paul A Vixie (Jul 29)
- Re: how to protect name servers against cache corruption Paul A Vixie (Jul 29)