Great Suggestion for the DNS problem...?

Colin Alston karnaugh at karnaugh.za.net
Tue Jul 29 08:56:19 CDT 2008


Tony Finch wrote:
> On Mon, 28 Jul 2008, Colin Alston wrote:
>> In fact, why *don't* implementations discard authoritative responses
>> from non-authoritative hosts? Or do we? Or am I horribly wrong?
> 
> The response is spoofed so that it appears to come from the correct host.
> 
>> There's an argument that IP spoofing can easily derail this, but I'd shift
>> that argument higher up the OSI, blame TCP, and move on to recommending SYN
>> cookies.
> 
> DNS uses UDP.

Ahh yes of course..

Why does it use UDP? :P



