nanog mailing list archives

Re: DNS cache poisoning attacks -- are they real?


From: Florian Weimer <fw () deneb enyo de>
Date: Wed, 30 Mar 2005 13:37:29 +0200


* Brad Knowles:

At 1:08 PM +0200 2005-03-29, Florian Weimer wrote:

 BIND accepts non-authoritative answers if their additional section
 looks a bit like a referral.  I don't think that this check is
 deliberately lax, but stricter checks are simply harder to do on this
 particular code path.

      BIND explicitly assumes that there might be upstream nameservers 
you may talk to that may be answering from cache.

Really?  I can't get it to work reliably.  Can you share an example
where delegation to a non-authoritative caching resolver works,
without the need for special seeding of the caching resolver?

Your posts to nanog () merit edu aren't distributed by the mailing list,
BTW.
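The check under discussion, that a cache should only trust authority and additional records from a referral when they fall inside the "bailiwick" of the server that sent them, as an added illustration. This is not code from the thread or from BIND; it is a small hand-rolled DNS wire-format parser plus a filter, with function names (`filter_referral`, `in_bailiwick`, `sample_referral`) and the referral message itself constructed here for the example. The sample pretends a .com server answered a query for www.example.com with a genuine delegation plus an out-of-bailiwick NS record, an out-of-bailiwick glue A record, and an in-bailiwick A record that no accepted NS record points at.

```python
# Added example, not BIND's code: bailiwick filtering of a DNS referral.
import struct

def encode_name(name):
    """Encode "example.com." in DNS wire format (no compression)."""
    out = b"".join(bytes([len(l)]) + l.encode() for l in name.rstrip(".").split(".") if l)
    return out + b"\x00"

def read_name(msg, off):
    """Decode a possibly compressed name at msg[off:]; return (name, next_offset)."""
    labels, after, hops = [], None, 0
    while True:
        ln = msg[off]
        if ln & 0xC0 == 0xC0:                      # compression pointer (RFC 1035 4.1.4)
            if after is None:
                after = off + 2
            off = ((ln & 0x3F) << 8) | msg[off + 1]
            hops += 1
            if hops > 64:
                raise ValueError("compression loop")
            continue
        off += 1
        if ln == 0:
            break
        labels.append(msg[off:off + ln].decode("ascii"))
        off += ln
    return ".".join(labels).lower() + ".", (after if after is not None else off)

def rr(name, rtype, rdata, ttl=3600):
    """One class-IN resource record in wire format."""
    return encode_name(name) + struct.pack("!HHIH", rtype, 1, ttl, len(rdata)) + rdata

def parse(msg):
    """Return (aa_flag, question_name, {section: [(name, type, data), ...]})."""
    _txid, flags, _qd, an, ns, ar = struct.unpack("!6H", msg[:12])
    qname, off = read_name(msg, 12)
    off += 4                                       # skip QTYPE, QCLASS
    sections = {}
    for key, count in (("answer", an), ("authority", ns), ("additional", ar)):
        recs = []
        for _ in range(count):
            name, off = read_name(msg, off)
            rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
            off += 10
            rdata = msg[off:off + rdlen]
            if rtype == 2:                         # NS: rdata is a domain name
                data, _ = read_name(msg, off)
            elif rtype == 1:                       # A: rdata is a 4-byte address
                data = ".".join(str(b) for b in rdata)
            else:
                data = rdata.hex()
            off += rdlen
            recs.append((name, rtype, data))
        sections[key] = recs
    return bool(flags & 0x0400), qname, sections  # 0x0400 is the AA bit

def in_bailiwick(name, zone):
    """True if name is at or below zone (both absolute, lower-case)."""
    return zone == "." or name == zone or name.endswith("." + zone)

def filter_referral(msg, bailiwick):
    """Split authority+additional records into (accepted, [(record, reason)])."""
    _aa, qname, s = parse(msg)
    accepted, rejected, ns_targets = [], [], set()
    for rec in s["authority"]:
        name, rtype, data = rec
        if rtype != 2 or not in_bailiwick(name, bailiwick):
            rejected.append((rec, "authority record outside bailiwick"))
        elif not in_bailiwick(qname, name):
            rejected.append((rec, "delegation does not cover the question"))
        else:
            accepted.append(rec)
            ns_targets.add(data)
    for rec in s["additional"]:
        name, _rtype, _data = rec
        if not in_bailiwick(name, bailiwick):
            rejected.append((rec, "glue outside bailiwick"))
        elif name not in ns_targets:
            rejected.append((rec, "glue for a name no accepted NS record points at"))
        else:
            accepted.append(rec)
    return accepted, rejected

def sample_referral():
    """Constructed referral: what a .com server might send, plus three bad records."""
    hdr = struct.pack("!6H", 0x1234, 0x8000, 1, 0, 2, 3)        # QR=1, AA=0
    q = encode_name("www.example.com.") + struct.pack("!HH", 1, 1)
    auth = (rr("example.com.", 2, encode_name("ns1.example.com.")) +
            rr("victim.org.", 2, encode_name("ns1.example.com.")))   # not under .com
    add = (rr("ns1.example.com.", 1, bytes([192, 0, 2, 1])) +
           rr("www.victim.org.", 1, bytes([203, 0, 113, 7])) +      # not under .com
           rr("mail.example.com.", 1, bytes([198, 51, 100, 9])))    # no NS points here
    return hdr + q + auth + add

if __name__ == "__main__":
    ok, bad = filter_referral(sample_referral(), "com.")
    for r in ok:
        print("accept", r)
    for r, why in bad:
        print("reject", r, "-", why)
```

Run against the constructed message with bailiwick `com.`, only the `example.com. NS ns1.example.com.` record and its glue survive; the `victim.org.` delegation, the `www.victim.org.` address and the stray `mail.example.com.` address are all dropped. Querying a root server instead (bailiwick `.`) lets the `victim.org.` NS record pass the bailiwick test, but it is still rejected because the delegation does not cover the name that was asked for, which is the second check a stricter cache needs.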

