On Mon, 2005-03-28 at 01:04, John Payne wrote:
And to Randy's point about problems with open recursive nameservers... abusers have been known to cache "hijack". Register a domain, configure an authority with very large TTLs, seed it onto known open recursive nameservers, update domain record to point to the open recursive servers rather than their own. Wammo, "bullet proof" dns hosting.
I posted a note to Bugtraq on this process about a year and a half ago as at the time I noticed a few spammers using this technique. Seems they were doing this to protect their NS from retaliatory attacks. http://cert.uni-stuttgart.de/archive/bugtraq/2003/09/msg00164.html Large TTLs only get you so far. All depends on the default setting of max-cache-ttl. For Bind this is 7 days. MS DNS is 24 hours. Obviously spammers can do a lot of damage in 7 days. :( HTH, Chris