nanog mailing list archives
Re: Great Suggestion for the DNS problem...?
From: Tony Finch <dot () dotat at>
Date: Tue, 29 Jul 2008 14:41:13 +0100
On Mon, 28 Jul 2008, Colin Alston wrote:
In fact, why *don't* implementations discard authoritative responses from non-authoritative hosts? Or do we? Or am I horribly wrong?
The response is spoofed so that it appears to come from the correct host.
There's an argument that IP spoofing can easily derail this, but I'd shift that argument higher up the OSI, blame TCP, and move on to recommending SYN cookies.
DNS uses UDP. Tony. -- f.anthony.n.finch <dot () dotat at> http://dotat.at/ THAMES DOVER WIGHT: SOUTH OR SOUTHWEST 5 OR 6 BECOMING VARIABLE 3 OR 4. SLIGHT OR MODERATE, OCCASIONALLY ROUGH IN WIGHT AT FIRST. THUNDERY SHOWERS. MODERATE OR GOOD.
Current thread:
- Great Suggestion for the DNS problem...? Jay R. Ashworth (Jul 28)
- Re: Great Suggestion for the DNS problem...? Colin Alston (Jul 28)
- RE: Great Suggestion for the DNS problem...? Tomas L. Byrnes (Jul 28)
- Re: Great Suggestion for the DNS problem...? Jay R. Ashworth (Jul 28)
- Re: Great Suggestion for the DNS problem...? Colin Alston (Jul 28)
- Re: Great Suggestion for the DNS problem...? Tony Finch (Jul 29)
- Re: Great Suggestion for the DNS problem...? Colin Alston (Jul 29)
- Re: Great Suggestion for the DNS problem...? Laurence F. Sheldon, Jr. (Jul 29)
- Re: Great Suggestion for the DNS problem...? Steven M. Bellovin (Jul 29)
- Re: Great Suggestion for the DNS problem...? Mohacsi Janos (Jul 29)
- Re: Great Suggestion for the DNS problem...? Mikael Abrahamsson (Jul 29)
- Re: Great Suggestion for the DNS problem...? Laird Popkin (Jul 29)
- RE: Great Suggestion for the DNS problem...? Tomas L. Byrnes (Jul 28)
- Re: Great Suggestion for the DNS problem...? Colin Alston (Jul 28)
- Re: Great Suggestion for the DNS problem...? Michael Smith (Jul 28)