Multiple DNS implementations vulnerable to cache poisoning

Tuc at T-B-O-H.NET ml at
Fri Jul 11 14:58:01 UTC 2008

> Reading through the JavaScript that drives <>,
> it appears to be pretty easy to write a non-AJAX client to query Dan's
> service.  I threw one together in perl, named "noclicky", that allows you
> to use Dan's service against any nameserver specified on the command line.
> You can download a copy from <>.
	It looks like Dan changed what it returns, and noclicky 1.00 gets
confused. You can fix this, atleast until MCT comes out with a new version,
by putting :

my $date = shift @data;

	before the line :

print "Requests seen for $domain:\n";


More information about the NANOG mailing list