DNS cache poisoning attacks -- are they real?
Randy Bush
randy at psg.com
Mon Mar 28 06:11:54 UTC 2005
> And to Randy's point about problems with open recursive nameservers...
> abusers have been known to cache "hijack". Register a domain,
> configure an authority with very large TTLs, seed it onto known open
> recursive nameservers, update domain record to point to the open
> recursive servers rather than their own. Wammo, "bullet proof" dns
> hosting.
as has been said here repeatedly, you should not be running servers,
recursive or not, on old broken and vulnerable software.
randy
More information about the NANOG
mailing list