nanog mailing list archives
Re: TLD servers with recursion was Re: Exploit for DNS Cache Poisoning - RELEASED
From: John Kristoff <jtk () centergate net>
Date: Thu, 24 Jul 2008 08:43:04 -0500
On Thu, 24 Jul 2008 10:06:25 +0100 Simon Waters <simonw () zynet net> wrote:
I checked last night, and noticed TLD servers for .VA and .MUSEUM are still offering recursion amongst a load of less popular top level domains. Indeed just under 10% of the authoritative name servers mentioned in the root zone file still offer recursion.
While not ideal, at least most resolvers will not go asking those servers for anything other than what they are authoritative for unless an attacker for some reason wanted to setup a long chain of poisons. The large, shared caching servers and all those open CPE devices are a much larger concern I think. John
Current thread:
- Re: Exploit for DNS Cache Poisoning - RELEASED Paul Ferguson (Jul 23)
- <Possible follow-ups>
- Re: Exploit for DNS Cache Poisoning - RELEASED Paul Ferguson (Jul 23)
- Re: Exploit for DNS Cache Poisoning - RELEASED Tuc at T-B-O-H.NET (Jul 23)
- Re: Exploit for DNS Cache Poisoning - RELEASED Ganbold Tsagaankhuu (Jul 24)
- Re: Exploit for DNS Cache Poisoning - RELEASED Tuc at T-B-O-H.NET (Jul 24)
- Re: Exploit for DNS Cache Poisoning - RELEASED Tuc at T-B-O-H.NET (Jul 23)
- Re: Exploit for DNS Cache Poisoning - RELEASED Paul Ferguson (Jul 23)
- Re: Exploit for DNS Cache Poisoning - RELEASED Sean Donelan (Jul 23)
- TLD servers with recursion was Re: Exploit for DNS Cache Poisoning - RELEASED Simon Waters (Jul 24)
- Re: TLD servers with recursion was Re: Exploit for DNS Cache Poisoning - RELEASED John Kristoff (Jul 24)
- Re: TLD servers with recursion was Re: Exploit for DNS Cache Poisoning - RELEASED Gadi Evron (Jul 24)
- Re: TLD servers with recursion was Re: Exploit for DNS Cache Poisoning - RELEASED Gadi Evron (Jul 24)
- RE: TLD servers with recursion was Re: Exploit for DNS Cache Poisoning- RELEASED Martin Hannigan (Jul 24)
- RE: TLD servers with recursion was Re: Exploit for DNS Cache Poisoning- RELEASED Gadi Evron (Jul 24)
- RE: TLD servers with recursion was Re: Exploit for DNS CachePoisoning- RELEASED Martin Hannigan (Jul 24)
- Re: TLD servers with recursion was Re: Exploit for DNS Cache Poisoning- RELEASED Steve Bertrand (Jul 27)
- Re: TLD servers with recursion was Re: Exploit for DNS Cache Poisoning- RELEASED Gadi Evron (Jul 24)
- Re: TLD servers with recursion was Re: Exploit for DNS Cache Poisoning- RELEASED Steven M. Bellovin (Jul 24)
- Re: TLD servers with recursion was Re: Exploit for DNS Cache Poisoning - Paul Vixie (Jul 24)