Re: DNS cache poisoning attacks -- are they real?
30 Mar
2005
30 Mar
'05
6:37 a.m.
* Brad Knowles:
At 1:08 PM +0200 2005-03-29, Florian Weimer wrote:
BIND accepts non-authoritative answers if their additional section looks a bit like a referral. I don't tink that this check is deliberately lax, but stricter checks are simply harder to do on this particular code path.
BIND explicitly assumes that there might be upstream nameservers you may talk to that may be answering from cache.
Really? I can't get it to work reliably. Can you share an example where delegation to a non-authoritative caching resolver works, without the need for special seeding of the caching resolver? Your posts to nanog@merit.edu aren't distributed by the mailing list, BTW.
7208
Age (days ago)
7208
Last active (days ago)
0 comments
1 participants
participants (1)
-
Florian Weimer