29 Jul
2008
29 Jul
'08
9:41 a.m.
On Mon, 28 Jul 2008, Colin Alston wrote:
In fact, why *don't* implementations discard authoritative responses from non-authoritative hosts? Or do we? Or am I horribly wrong?
The response is spoofed so that it appears to come from the correct host.
There's an argument that IP spoofing can easily derail this, but I'd shift that argument higher up the OSI, blame TCP, and move on to recommending SYN cookies.
DNS uses UDP. Tony. -- f.anthony.n.finch <dot@dotat.at> http://dotat.at/ THAMES DOVER WIGHT: SOUTH OR SOUTHWEST 5 OR 6 BECOMING VARIABLE 3 OR 4. SLIGHT OR MODERATE, OCCASIONALLY ROUGH IN WIGHT AT FIRST. THUNDERY SHOWERS. MODERATE OR GOOD.