nanog mailing list archives

Re: Jonathan Yarden @ TechRepublic: Disable DNS caching on workstations


From: Rachael Treu Gomes <rara () navigo com>
Date: Mon, 18 Apr 2005 14:14:44 -0500


On Mon, Apr 18, 2005 at 03:05:55PM -0400, Jason Frisvold said something to the effect of:

On 4/18/05, Daniel Golding <dgolding () burtongroup com> wrote:


Aside from individual OS behavior, doesn't this seem like very bad advice?

I think this is more of a question of who to trust.  Caching, in
general, isn't a bad thing provided that TTLs are adhered to.  If the
poisoning attack were to inject a huge TTL value, then that would
compromise that cache.  (Note, I am no expert on DNS poisoning, so I'm
not sure if the TTL is "attackable")

However, on the flip side, if nothing is ever cached, then I would
expect a huge amount of bandwidth to be eaten up by DNS queries.

You are right.  Time spent in security for an ISP yielded many 
DoS-against-the-DNS-server complaints that turned out to be 
some query-happy non-cachers pounding away at the server.  The 
solution: block the querying IP from touching the DNS server.  
Somehow, I think that might have hampered their name resolution 
efforts...?  ;)

cache me if you can,
--ra


I think a seasoned op knows when to use caching and when to not use
caching, but the everyday Joe User has no idea what caching is.  If
they see a technical article telling them to turn off caching because
it will help stop phishing attacks (which they know are bad because
everyone says so), then they may try to follow that advice.  Aside
from the "I broke my computer" syndrome, I expect they'll be very
disappointed when their internet access becomes visibly slower because
everything requires a new lookup...

Is it possible to "prevent" poisoning attacks?  Is it beneficial, or
even possible, to prevent TTLs from being an excessively high value?

-- 
Jason 'XenoPhage' Frisvold
XenoPhage0 () gmail com

-- 
rachael treu gomes                            rara () navigo com
               ..quis custodiet ipsos custodes?..
(this email has been brought to you by the letters 'v' and 'i'.)
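Added illustration, not part of the thread: a toy resolver cache that answers Jason's last question in code. It keeps the bandwidth benefit Rachael describes (one upstream query serves many client lookups) while clamping any record's TTL to a configurable ceiling, which is the same knob real resolvers expose as BIND's `max-cache-ttl` or Unbound's `cache-max-ttl`. The upstream answers and the `ClampingCache` class are constructed for this example.

```python
import time

# Toy recursive-resolver cache with a TTL clamp (hypothetical; not BIND or Unbound code).
MAX_CACHE_TTL = 86400  # one day: the longest any record is honoured in this cache


class ClampingCache:
    def __init__(self, upstream, max_ttl=MAX_CACHE_TTL, now=time.time):
        self.upstream = upstream       # callable(name) -> (rdata, ttl_seconds)
        self.max_ttl = max_ttl
        self.now = now                 # injectable clock so the example is deterministic
        self.entries = {}              # name -> (rdata, expires_at)
        self.upstream_queries = 0      # how often we actually hit the network

    def resolve(self, name):
        t = self.now()
        hit = self.entries.get(name)
        if hit and hit[1] > t:         # cache hit, still within its (clamped) TTL
            return hit[0]
        rdata, ttl = self.upstream(name)
        self.upstream_queries += 1
        # Clamp: a record claiming a 2^31-second TTL lives at most max_ttl seconds here,
        # which bounds how long a poisoned answer could persist before re-validation.
        ttl = min(max(ttl, 0), self.max_ttl)
        self.entries[name] = (rdata, t + ttl)
        return rdata

    def remaining_ttl(self, name):
        hit = self.entries.get(name)
        return max(0, int(hit[1] - self.now())) if hit else 0


def demo():
    clock = [1000.0]
    # Constructed upstream answers: one ordinary TTL, one absurd TTL as a poisoned record might carry.
    answers = {"www.example.com.": ("192.0.2.10", 300),
               "poisoned.example.": ("198.51.100.7", 2**31 - 1)}
    cache = ClampingCache(lambda name: answers[name], now=lambda: clock[0])
    for _ in range(1000):             # a query-happy client resolving the same name repeatedly
        cache.resolve("www.example.com.")
    cache.resolve("poisoned.example.")
    # 1000 lookups cost one upstream query; the poisoned record is capped at MAX_CACHE_TTL.
    return cache.upstream_queries, cache.remaining_ttl("poisoned.example.")
```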