DNS cache poisoning attacks -- are they real?

Florian Weimer fw at deneb.enyo.de
Wed Mar 30 11:37:29 UTC 2005


* Brad Knowles:

> At 1:08 PM +0200 2005-03-29, Florian Weimer wrote:
>
>>  BIND accepts non-authoritative answers if their additional section
>>  looks a bit like a referral.  I don't think that this check is
>>  deliberately lax, but stricter checks are simply harder to do on this
>>  particular code path.
>
> 	BIND explicitly assumes that there might be upstream nameservers 
> you may talk to that may be answering from cache.

Really?  I can't get it to work reliably.  Can you share an example
where delegation to a non-authoritative caching resolver works,
without the need for special seeding of the caching resolver?

Your posts to nanog at merit.edu aren't distributed by the mailing list,
BTW.
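The check Florian describes as hard to do on BIND's code path is the "bailiwick" rule: a caching resolver should only accept records from a referral's authority and additional sections when they lie at or below the zone the responding server is authoritative for, and glue only for names the NS set actually points at. The following is an added example written for this archive page; it is not code from the thread, from BIND, or from any other resolver, and the record layout, the server zone `example.` and the sample referral are all constructed here for illustration.

```python
"""Bailiwick filtering for a DNS referral (added example, not BIND code).

Models what a careful caching resolver does with the authority and
additional sections of a non-authoritative (referral) response before
caching anything from them.  RR is a minimal record type defined here;
the sample referral below is constructed, not captured traffic.
"""
from __future__ import annotations

from dataclasses import dataclass


@dataclass(frozen=True)
class RR:
    name: str    # owner name, e.g. "sub.example."
    rtype: str   # "NS", "A", "AAAA", ...
    rdata: str   # target name for NS, address text for A/AAAA


def _labels(name: str) -> list[str]:
    """Lowercase label list, ignoring the trailing dot (root)."""
    return [l for l in name.lower().rstrip(".").split(".") if l]


def in_bailiwick(name: str, zone: str) -> bool:
    """True if name equals zone or is a subdomain of it.

    Comparison is label-wise, so "notexample.com" is NOT under
    "example.com" even though it is a string suffix of it.
    """
    n, z = _labels(name), _labels(zone)
    return len(n) >= len(z) and n[len(n) - len(z):] == z


def accept_referral(qname: str, server_zone: str,
                    authority: list[RR], additional: list[RR]) -> dict:
    """Decide which parts of a referral a resolver may cache.

    server_zone is the zone the answering server is authoritative for
    (its bailiwick).  Returns the delegation zone chosen, the NS records
    for it, the glue records accepted, and everything rejected.
    """
    rejected: list[RR] = []

    # 1. The delegation must be an NS set whose owner is inside the
    #    server's bailiwick AND encloses the name we asked about.
    ns_by_zone: dict[str, list[RR]] = {}
    for rr in authority:
        if (rr.rtype == "NS" and in_bailiwick(rr.name, server_zone)
                and in_bailiwick(qname, rr.name)):
            ns_by_zone.setdefault(rr.name.lower(), []).append(rr)
        else:
            rejected.append(rr)

    if not ns_by_zone:
        # Nothing that qualifies as a referral: cache none of it.
        return {"delegation": None, "ns": [], "glue": [],
                "rejected": rejected + list(additional)}

    # Closest enclosing delegation wins (most labels).
    delegation = max(ns_by_zone, key=lambda z: len(_labels(z)))
    ns = ns_by_zone[delegation]
    targets = {_labels(rr.rdata) and ".".join(_labels(rr.rdata)) for rr in ns}

    # 2. Glue: address records are accepted only if they belong to a
    #    nameserver named in that NS set and sit inside the bailiwick.
    glue: list[RR] = []
    for rr in additional:
        owner = ".".join(_labels(rr.name))
        if (rr.rtype in ("A", "AAAA") and owner in targets
                and in_bailiwick(rr.name, server_zone)):
            glue.append(rr)
        else:
            rejected.append(rr)

    return {"delegation": delegation, "ns": ns, "glue": glue,
            "rejected": rejected}


# Constructed sample: a server for "example." refers us to "sub.example."
SAMPLE_AUTHORITY = [
    RR("sub.example.", "NS", "ns1.sub.example."),
    RR("sub.example.", "NS", "ns.other.test."),
    RR("unrelated.test.", "NS", "ns.unrelated.test."),   # not in bailiwick
]
SAMPLE_ADDITIONAL = [
    RR("ns1.sub.example.", "A", "192.0.2.10"),     # legitimate glue
    RR("ns.other.test.", "A", "198.51.100.7"),     # NS target, but out of bailiwick
    RR("www.unrelated.test.", "A", "203.0.113.5"), # not an NS target at all
]

if __name__ == "__main__":
    result = accept_referral("www.sub.example.", "example.",
                             SAMPLE_AUTHORITY, SAMPLE_ADDITIONAL)
    for key in ("delegation", "ns", "glue", "rejected"):
        print(key, result[key])
```

Run as a script it prints which records survive; the two out-of-bailiwick address records and the stray NS set are dropped, which is exactly the material a lax "looks like a referral" check would otherwise let into the cache.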
