Great Suggestion for the DNS problem...?
Colin Alston
karnaugh at karnaugh.za.net
Tue Jul 29 13:56:19 UTC 2008
Tony Finch wrote:
> On Mon, 28 Jul 2008, Colin Alston wrote:
>> In fact, why *don't* implementations discard authoritative responses
>> from non-authoritative hosts? Or do we? Or am I horribly wrong?
>
> The response is spoofed so that it appears to come from the correct host.
>
>> There's an argument that IP spoofing can easily derail this, but I'd shift
>> that argument higher up the OSI, blame TCP, and move on to recommending SYN
>> cookies.
>
> DNS uses UDP.
Ahh yes of course..
Why does it use UDP? :P
More information about the NANOG
mailing list