Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: DNS cache poisoning attacks -- are they real?

  • From: Alex Bligh
  • Date: Sat Mar 26 17:37:06 2005

--On 26 March 2005 23:23 +0100 Florian Weimer <> wrote:

Should we monitor for evidence of hijacks (unofficial NS and SOA
records are good indicators)?  Should we actively scan for
authoritative name servers which return unofficial data?
And what if you find them? I seem to remember a server (from memory many many years ago had some polluted data out there as an A
record. All bright and bushy-tailed I told the UUnet folks about this. They
were resigned. Someone, somewhere, had mistyped an IP address, and it had
got into everyone's glue, got republished by anyone and everyone, and in
essence had no chance of going away. Now I understand (a little) more about
DNS than I did at the time so I now (just about) know how DNS servers
should avoid returning such info (where they are both caching and
authoritative), but I equally know this is built upon the principle
no-one does anything actively malicious.

The only way you are going to prevent packet level (as opposed to
organization level) DNS hijack is get DNSSEC deployed. Your ietf list is
over ------> there.


Discussion Communities

About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home

Merit Network, Inc.