DNS cache poisoning attacks -- are they real?

bmanning at vacation.karoshi.com bmanning at vacation.karoshi.com
Sun Mar 27 21:25:29 UTC 2005


On Sun, Mar 27, 2005 at 11:36:26AM -0500, Joe Maimon wrote:
> 
> 
> 
> Suresh Ramasubramanian wrote:
> >On Sat, 26 Mar 2005 17:52:56 -0500 (EST), Sean Donelan <sean at donelan.com> 
> >wrote:
> >
> <snip>
> >
> >Thank $DEITY for large ISPs running open resolvers on fat pipes ..
> >those do come in quite handy in a resolv.conf sometimes, when I run
> >into this sort of behavior.
> >
> >--srs
> >
> >
> 
> Slightly OT to parent thread...on the subject of open dns resolvers.
> 
> Common best practices seem to suggest that doing so is a bad thing. DNS 
> documentation and http://www.dnsreport.com appear to view this negatively.

	er... common best practice for YOU... perhaps.
	dnsreport.com is apparently someone who agrees w/ you.
	and i know why some COMMERCIAL operators want to squeeze
	every last lira from the services they offer...
	but IMRs w/ unrestricted access are a good a valuable tool
	for the Internet community at large.

	IMR? - you know, an Interative Mode Resolver aka caching server.

> Joe

--bill



More information about the NANOG mailing list