nanog mailing list archives
Re: DNS cache poisoning attacks -- are they real?
From: Chris Brenton <cbrenton () chrisbrenton org>
Date: Tue, 29 Mar 2005 10:38:26 -0500
On Tue, 2005-03-29 at 05:37, Simon Waters wrote:
The answers from a recursive servers won't be marked authoritative (AA bit not set), and so correct behaviour is to discard (BIND will log a lame server message as well by default) these records. If your recursive resolver doesn't discard these records, suggest you get one that works ;)
In a perfect world, this might be a viable solution. The problem is there are far too many legitimate but "broken" name servers out there. On an average day I log well over 100 lame servers. If I broke this functionality, my helpdesk would get flooded pretty quickly with angry users. HTH, Chris
Current thread:
- Re: DNS cache poisoning attacks -- are they real?, (continued)
- Re: DNS cache poisoning attacks -- are they real? Suresh Ramasubramanian (Mar 27)
- Re: DNS cache poisoning attacks -- are they real? Joe Maimon (Mar 27)
- Re: DNS cache poisoning attacks -- are they real? Randy Bush (Mar 27)
- Re: DNS cache poisoning attacks -- are they real? Christopher L. Morrow (Mar 27)
- Re: DNS cache poisoning attacks -- are they real? John Payne (Mar 28)
- Re: DNS cache poisoning attacks -- are they real? Randy Bush (Mar 28)
- Re: DNS cache poisoning attacks -- are they real? John Payne (Mar 28)
- Re: DNS cache poisoning attacks -- are they real? Simon Waters (Mar 29)
- Re: DNS cache poisoning attacks -- are they real? Florian Weimer (Mar 29)
- Message not available
- Re: DNS cache poisoning attacks -- are they real? Florian Weimer (Mar 30)
- Re: DNS cache poisoning attacks -- are they real? Suresh Ramasubramanian (Mar 27)
- Re: DNS cache poisoning attacks -- are they real? Chris Brenton (Mar 29)
- Re: DNS cache poisoning attacks -- are they real? Florian Weimer (Mar 29)
- Re: DNS cache poisoning attacks -- are they real? John Payne (Mar 30)
- Re: DNS cache poisoning attacks -- are they real? Chris Brenton (Mar 28)
- Re: DNS cache poisoning attacks -- are they real? Joe Maimon (Mar 29)
- Re: DNS cache poisoning attacks -- are they real? Chris Brenton (Mar 29)
- Re: DNS cache poisoning attacks -- are they real? Sam Hayes Merritt, III (Mar 29)
- Message not available
- Re: DNS cache poisoning attacks -- are they real? Joe Maimon (Mar 29)
- Re: DNS cache poisoning attacks -- are they real? Florian Weimer (Mar 30)
- Re: DNS cache poisoning attacks -- are they real? Joe Maimon (Mar 30)
- Re: DNS cache poisoning attacks -- are they real? bmanning (Mar 27)