nanog mailing list archives
Re: Jonathan Yarden @ TechRepublic: Disable DNS caching on workstations
From: Jason Frisvold <xenophage0 () gmail com>
Date: Mon, 18 Apr 2005 15:05:55 -0400
On 4/18/05, Daniel Golding <dgolding () burtongroup com> wrote:
Aside from individual OS behavior, doesn't this seem like very bad advice?
I think this is more of a question of who to trust. Caching, in general, isn't a bad thing provided that TTL's are adhered to. If the poisoning attack were to inject a huge TTL value, then that would compromise that cache. (Note, I am no expert on dns poisoning, so I'm not sure if the TTL is "attackable") However, on the flip side, if nothing is ever cached, then I would expect a huge amount of bandwidth to be eaten up by DNS queries. I think a seasoned op knows when to use caching and when to not use caching, but the everyday Joe User has no idea what caching is. If they see a technical article telling them to turn off caching because it will help stop phishing attacks (which they know are bad because everyone says so), then they may try to follow that advice. Aside from the "I broke my computer" syndrome, I expect they'll be very disappointed when their internet access becomes visibly slower because everything requires a new lookup... Is it possible to "prevent" poisoning attacks? Is it beneficial, or even possible, to prevent TTL's from being an excessively high value? -- Jason 'XenoPhage' Frisvold XenoPhage0 () gmail com
Current thread:
- Jonathan Yarden @ TechRepublic: Disable DNS caching on workstations Jay R. Ashworth (Apr 18)
- Re: Jonathan Yarden @ TechRepublic: Disable DNS caching on workstations Patrick W. Gilmore (Apr 18)
- Re: Jonathan Yarden @ TechRepublic: Disable DNS caching on workstations Chris Adams (Apr 18)
- Re: Jonathan Yarden @ TechRepublic: Disable DNS caching on workstations Patrick W. Gilmore (Apr 18)
- Re: Jonathan Yarden @ TechRepublic: Disable DNS caching on workstations Chris Adams (Apr 18)
- Re: Jonathan Yarden @ TechRepublic: Disable DNS caching on workstations Patrick W. Gilmore (Apr 18)
- Re: Jonathan Yarden @ TechRepublic: Disable DNS caching on workstations Chris Adams (Apr 18)
- Re: Jonathan Yarden @ TechRepublic: Disable DNS caching on workstations Eric Louie (Apr 18)
- Re: Jonathan Yarden @ TechRepublic: Disable DNS caching on workstations Daniel Golding (Apr 18)
- Re: Jonathan Yarden @ TechRepublic: Disable DNS caching on workstations Jason Frisvold (Apr 18)
- Re: Jonathan Yarden @ TechRepublic: Disable DNS caching on workstations Mikael Abrahamsson (Apr 18)
- Re: Jonathan Yarden @ TechRepublic: Disable DNS caching on workstations Florian Weimer (Apr 18)
- Re: Jonathan Yarden @ TechRepublic: Disable DNS caching on workstations Jason Frisvold (Apr 18)
- Re: Jonathan Yarden @ TechRepublic: Disable DNS caching on workstations Matthew Sullivan (Apr 18)
- Re: Jonathan Yarden @ TechRepublic: Disable DNS caching on workstations Randy Bush (Apr 18)
- Re: Jonathan Yarden @ TechRepublic: Disable DNS caching on workstations Patrick W. Gilmore (Apr 18)
- Re: Jonathan Yarden @ TechRepublic: Disable DNS caching on workstations Rachael Treu Gomes (Apr 18)
- Re: Jonathan Yarden @ TechRepublic: Disable DNS caching on workstations Florian Weimer (Apr 18)
- Re: Jonathan Yarden @ TechRepublic: Disable DNS caching on workstations Peter & Karin Dambier (Apr 18)
- Re: Jonathan Yarden @ TechRepublic: Disable DNS caching on workstations Tony Rall (Apr 18)
- Re: Jonathan Yarden @ TechRepublic: Disable DNS caching on workstations JC Dill (Apr 19)