Jonathan Yarden @ TechRepublic: Disable DNS caching on workstations

• Previous message (by thread): Jonathan Yarden @ TechRepublic: Disable DNS caching on workstations
• Next message (by thread): Jonathan Yarden @ TechRepublic: Disable DNS caching on workstations
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 4/18/05, Daniel Golding <dgolding at burtongroup.com> wrote:
> 
> 
> Aside from individual OS behavior, doesn't this seem like very bad advice?

I think this is more of a question of who to trust.  Caching, in
general, isn't a bad thing provided that TTL's are adhered to.  If the
poisoning attack were to inject a huge TTL value, then that would
compromise that cache.  (Note, I am no expert on dns poisoning, so I'm
not sure if the TTL is "attackable")

However, on the flip side, if nothing is ever cached, then I would
expect a huge amount of bandwidth to be eaten up by DNS queries.

I think a seasoned op knows when to use caching and when to not use
caching, but the everyday Joe User has no idea what caching is.  If
they see a technical article telling them to turn off caching because
it will help stop phishing attacks (which they know are bad because
everyone says so), then they may try to follow that advice.  Aside
from the "I broke my computer" syndrome, I expect they'll be very
disappointed when their internet access becomes visibly slower because
everything requires a new lookup...

Is it possible to "prevent" poisoning attacks?  Is it beneficial, or
even possible, to prevent TTL's from being an excessively high value?

-- 
Jason 'XenoPhage' Frisvold
XenoPhage0 at gmail.com

• Previous message (by thread): Jonathan Yarden @ TechRepublic: Disable DNS caching on workstations
• Next message (by thread): Jonathan Yarden @ TechRepublic: Disable DNS caching on workstations
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]