DNS cache poisoning attacks -- are they real?
fw at deneb.enyo.de
Tue Mar 29 15:43:17 UTC 2005
* Chris Brenton:
> In a perfect world, this might be a viable solution. The problem is
> there are far too many legitimate but "broken" name servers out there.
> On an average day I log well over 100 lame servers. If I broke this
> functionality, my helpdesk would get flooded pretty quickly with angry
Assuming BIND 9:
    /*
     * Is the server lame?
     */
    if (fctx->res->lame_ttl != 0 && !ISFORWARDER(query->addrinfo) &&
        /* ... */) {
        /* ... */
        result = dns_adb_marklame(fctx->adb, query->addrinfo,
                                  /* ... */
                                  now + fctx->res->lame_ttl);
        if (result != ISC_R_SUCCESS)
            /* ... */
                          "could not mark server as lame: %s",
                          /* ... */);
        broken_server = DNS_R_LAME;
        keep_trying = ISC_TRUE;
        /* ... */
    }
So if you see something in the logs, it is already broken. 8-)
The discussion in this part of the thread focuses on flagging more
servers as lame (which are currently not detected by BIND or even
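The behaviour the BIND excerpt above shows (detect a lame reply, mark that server lame for lame_ttl seconds, log it, and keep trying the remaining servers for the zone) as an added, simplified model in Python. This is not BIND's code and not from the original post; the Response layout, the LameCache class and the resolve() loop are assumptions, and the lameness test is a reduced version of the referral check a resolver applies.

```python
from dataclasses import dataclass

# Constructed, simplified model of BIND 9's lame-server handling (not BIND
# code): detect a lame reply, mark the server lame for lame_ttl seconds,
# log it, and keep trying the remaining servers for the zone.

@dataclass
class Response:
    rcode: str           # "NOERROR", "NXDOMAIN", "SERVFAIL", ...
    aa: bool             # authoritative-answer flag
    answer: list         # answer-section records (only emptiness matters)
    authority_ns: list   # owner names of NS RRsets in the authority section

def _norm(name: str) -> str:
    return name.lower().rstrip(".")

def is_lame(resp: Response, zone: str) -> bool:
    """The server was delegated for `zone`.  It is lame if it replies
    NOERROR/NXDOMAIN with an empty answer and refers us to a zone that is
    not at or below `zone`, or refers us back to `zone` itself with AA set."""
    if resp.rcode not in ("NOERROR", "NXDOMAIN") or resp.answer:
        return False
    if not resp.authority_ns:
        return False
    owner, zone = _norm(resp.authority_ns[0]), _norm(zone)
    if owner == zone:
        return resp.aa
    return zone != "" and not owner.endswith("." + zone)

class LameCache:
    """(server, zone) -> expiry; a mark only lasts lame_ttl seconds."""
    def __init__(self, lame_ttl: int):
        self.lame_ttl, self._marks = lame_ttl, {}
    def mark(self, server: str, zone: str, now: int) -> None:
        if self.lame_ttl != 0:                 # lame-ttl 0 disables marking
            self._marks[(server, zone)] = now + self.lame_ttl
    def is_lame(self, server: str, zone: str, now: int) -> bool:
        return self._marks.get((server, zone), 0) > now

def resolve(servers, zone, send, cache, now, log):
    """Query each delegated server in turn, skipping ones cached as lame.
    A lame reply is logged and marked, then the next server is tried."""
    for server in servers:
        if cache.is_lame(server, zone, now):
            continue
        resp = send(server)
        if is_lame(resp, zone):
            log.append(f"lame server resolving '{zone}': {server}")
            cache.mark(server, zone, now)
            continue                            # keep_trying
        return resp
    return None                                 # every server was lame
```

Note that, as in the excerpt, the log line is only written once the reply has already been judged lame; a cached mark suppresses further queries to that server for the zone until it expires.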