DNS cache poisoning attacks -- are they real?
John Payne
john at sackheads.org
Mon Mar 28 15:54:06 UTC 2005
On Mar 28, 2005, at 1:11 AM, Randy Bush wrote:
>> And to Randy's point about problems with open recursive nameservers...
>> abusers have been known to cache "hijack". Register a domain,
>> configure an authority with very large TTLs, seed it onto known open
>> recursive nameservers, update domain record to point to the open
>> recursive servers rather than their own. Wammo, "bullet proof" dns
>> hosting.
>
> as has been said here repeatedly, you should not be running servers,
> recursive or not, on old broken and vulnerable software.
Huh? I think you do not understand. Do not mistake "cache hijack"
for "cache poison".
This is _nothing_ to do with what you're running on the recursive
nameserver. It is doing _exactly_ what it is supposed to do. Get
answers, store in cache, respond to queries from cache if TTL isn't
expired.
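To make the mechanism John describes concrete, here is a toy resolver cache added for illustration (it is not code from the thread or from any named resolver): a long-TTL answer is seeded into the cache, the authoritative record is then changed, and the resolver keeps serving the cached value until the TTL runs out. The second run shows the defender-side control, a resolver cap on cached TTLs (BIND's `max-cache-ttl`, Unbound's `cache-max-ttl`), which bounds how long such an answer can linger. All names and addresses are constructed.

```python
# Toy model of TTL-driven cache persistence, plus a resolver-side TTL cap.
# Constructed example: names, addresses and TTLs are assumptions.
from dataclasses import dataclass


@dataclass
class Record:
    value: str
    ttl: int


class Authority:
    """Stands in for the authoritative server for the domain."""
    def __init__(self):
        self.zone = {}

    def set(self, name, value, ttl):
        self.zone[name] = Record(value, ttl)

    def answer(self, name):
        return self.zone[name]


class RecursiveCache:
    """Serves from cache until the TTL expires; max_cache_ttl, if set,
    clamps how long any answer may be retained (like max-cache-ttl)."""
    def __init__(self, authority, max_cache_ttl=None):
        self.authority = authority
        self.max_cache_ttl = max_cache_ttl
        self.cache = {}  # name -> (value, expires_at)

    def resolve(self, name, now):
        entry = self.cache.get(name)
        if entry and now < entry[1]:
            return entry[0], "cache"
        rec = self.authority.answer(name)
        ttl = rec.ttl if self.max_cache_ttl is None else min(rec.ttl, self.max_cache_ttl)
        self.cache[name] = (rec.value, now + ttl)
        return rec.value, "authority"


def simulate(max_cache_ttl=None):
    """Seed a 30-day answer, change the authority, then see what is served."""
    auth = Authority()
    auth.set("example.test", "203.0.113.10", ttl=30 * 86400)
    resolver = RecursiveCache(auth, max_cache_ttl)
    resolver.resolve("example.test", now=0)             # seeding query
    auth.set("example.test", "198.51.100.20", ttl=300)  # record changed
    return {t: resolver.resolve("example.test", now=t)[0]
            for t in (3600, 2 * 86400, 31 * 86400)}


if __name__ == "__main__":
    print("no cap:   ", simulate())
    print("1-day cap:", simulate(max_cache_ttl=86400))
```

Without a cap the stale value is still served two days after the authority changed; with a one-day cap the resolver re-queries and picks up the new record.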