nanog mailing list archives

Re: DNS cache poisoning attacks -- are they real?


From: bmanning () vacation karoshi com
Date: Sun, 27 Mar 2005 21:25:29 +0000


On Sun, Mar 27, 2005 at 11:36:26AM -0500, Joe Maimon wrote:



Suresh Ramasubramanian wrote:
On Sat, 26 Mar 2005 17:52:56 -0500 (EST), Sean Donelan <sean () donelan com> wrote:

<snip>

Thank $DEITY for large ISPs running open resolvers on fat pipes ..
those do come in quite handy in a resolv.conf sometimes, when I run
into this sort of behavior.

--srs



Slightly OT to parent thread...on the subject of open dns resolvers.

Common best practices seem to suggest that doing so is a bad thing. DNS 
documentation and http://www.dnsreport.com appear to view this negatively.

        er... common best practice for YOU... perhaps.
        dnsreport.com is apparently someone who agrees w/ you.
        and i know why some COMMERCIAL operators want to squeeze
        every last lira from the services they offer...
        but IMRs w/ unrestricted access are a good and valuable tool
        for the Internet community at large.

        IMR? - you know, an Iterative Mode Resolver aka caching server.

Joe

--bill

