Jonathan Yarden @ TechRepublic: Disable DNS caching on workstations

• Previous message (by thread): Jonathan Yarden @ TechRepublic: Disable DNS caching on workstations
• Next message (by thread): Jonathan Yarden @ TechRepublic: Disable DNS caching on workstations
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Aside from individual OS behavior, doesn't this seem like very bad advice?

What sort of DNS cache poisoning attack could possibly work against a
workstation that has a caching resolver but no DNS server? If a hacker
really wished to do a name resolution attack against workstations, wouldn't
they just write some spyware that injected a hosts file? Seems easier.

At any rate, wouldn't disabling caching/not paying attention to TTLs have a
truly adverse impact on the DNS infrastructure? What is the % difference in
incremental DNS server load between a host that obeys TTLs and one that not,
but makes a new query each time? A single host wouldn't have much impact -
how about a couple million?

Is there something I'm missing here that's motivating Yarden's advice?

- Dan

</head scratching>

On 4/18/05 1:35 PM, "Chris Adams" <cmadams at hiwaay.net> wrote:

> 
> Once upon a time, Patrick W. Gilmore <patrick at ianai.net> said:
>> Depends on what you call "caching".  Does honoring a TTL qualify as
>> caching?
> 
> What other kind of DNS caching is there?
> 
>> Can you imagine what would happen if every time anyone ever looked up
>> any hostname they sent out a DNS query?
> 
> That's what most Unix/Linux/*BSD boxes do unless they are running a
> local caching name service of some time (BIND, nscd, etc.).  I wasn't
> actually aware that Windows had a DNS cache service.

• Previous message (by thread): Jonathan Yarden @ TechRepublic: Disable DNS caching on workstations
• Next message (by thread): Jonathan Yarden @ TechRepublic: Disable DNS caching on workstations
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]