Why *can* cached DNS replies be overwritten?
Jay R. Ashworth
jra at baylink.com
Mon Aug 11 16:09:53 UTC 2008
On Mon, Aug 11, 2008 at 11:59:16AM -0400, Leo Bicknell wrote:
> Let's say you query FOO.COM, and it says "My servers are A, B, and
> C." So you cache A, B, and C and go on your merry way.
>
> Now, before the TTL expires the data center with B and C in it gets
> hit by a tornado. The FOO.COM admin quickly stands up two new
> servers in a new data center, and updates FOO.COM to be servers A,
> D, and E. So you go back and ask for "newname.foo.com" from A, by
> random chance. A sends you back "it's 1.2.3.4, and A, D, and E
> know all about it.".
>
> What you're advocating is that the server go, humm, that's not what
> I got the first time and keep using A, B, and C, for which B and C
> may no longer be authortative, or worse in this example, are completly
> offline. It would then wait until the TTL expires to get the same
> data.
As long as one of the cached zone servers is still working, no, it
would only time out the individual queries.
> That's not to say there aren't possibly other checks or rechecks
> that could be done, but in the vast majority of day to day cases
> when someone properly gives you additional information it is useful.
>
> Authorities are updated all the time. There are thousands of these
> cache overwrites with new, more up to date info every day.
It would seem to me that the aggregate amount of trouble that would be
caused by handling differently the situation that you posit above is
several orders of magnitude smaller in importance than the trouble which
would stem from someone cache-poisoning .com on the resovers of the top
10 consumer ISPs.
IE: that's a really lame reason to leave it as it is. ;-)
Cheers,
-- jra
--
Jay R. Ashworth Baylink jra at baylink.com
Designer The Things I Think RFC 2100
Ashworth & Associates http://baylink.pitas.com '87 e24
St Petersburg FL USA http://photo.imageinc.us +1 727 647 1274
Those who cast the vote decide nothing.
Those who count the vote decide everything.
-- (Josef Stalin)
More information about the NANOG
mailing list