On 4/18/05, Daniel Golding <dgolding@burtongroup.com> wrote:
Aside from individual OS behavior, doesn't this seem like very bad advice?
I think this is more of a question of who to trust. Caching, in general, isn't a bad thing provided that TTL's are adhered to. If the poisoning attack were to inject a huge TTL value, then that would compromise that cache. (Note, I am no expert on dns poisoning, so I'm not sure if the TTL is "attackable") However, on the flip side, if nothing is ever cached, then I would expect a huge amount of bandwidth to be eaten up by DNS queries. I think a seasoned op knows when to use caching and when to not use caching, but the everyday Joe User has no idea what caching is. If they see a technical article telling them to turn off caching because it will help stop phishing attacks (which they know are bad because everyone says so), then they may try to follow that advice. Aside from the "I broke my computer" syndrome, I expect they'll be very disappointed when their internet access becomes visibly slower because everything requires a new lookup... Is it possible to "prevent" poisoning attacks? Is it beneficial, or even possible, to prevent TTL's from being an excessively high value? -- Jason 'XenoPhage' Frisvold XenoPhage0@gmail.com