18 Apr
2005
18 Apr
'05
3:45 p.m.
* Jason Frisvold:
I think this is more of a question of who to trust. Caching, in general, isn't a bad thing provided that TTL's are adhered to. If the poisoning attack were to inject a huge TTL value, then that would compromise that cache. (Note, I am no expert on dns poisoning, so I'm not sure if the TTL is "attackable")
I'm not sure if you can poison the entire cache of a stub resolver (which can't do recursive lookups on its own). I would expect that the effect is limited to a particular DNS record, which in turn should expire after the hard TTL limit (surely there is one).