Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Re: DNS cache poisoning attacks -- are they real?

  • From: Chris Brenton
  • Date: Tue Mar 29 10:40:15 2005

On Tue, 2005-03-29 at 05:37, Simon Waters wrote:
>
> The answers from recursive servers won't be marked authoritative (AA bit not
> set), and so correct behaviour is to discard (BIND will log a lame server 
> message as well by default) these records.
> 
> If your recursive resolver doesn't discard these records, suggest you get one 
> that works ;)

In a perfect world, this might be a viable solution. The problem is
there are far too many legitimate but "broken" name servers out there.
On an average day I log well over 100 lame servers. If I broke this
functionality, my helpdesk would get flooded pretty quickly with angry
users.

HTH,
Chris
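
The AA-bit check discussed in this message, as an added example that is not part of the original thread and is not BIND's code: it decodes the DNS header of each reply and separates authoritative answers and referrals from "lame" (non-authoritative) replies so they can be counted per server. The function names, the simplified policy, and the sample replies and addresses are assumptions constructed for illustration.

```python
import struct
from collections import Counter

# Flag masks in the second 16-bit word of the DNS header (RFC 1035, 4.1.1).
QR, AA, RD, RA, RCODE = 0x8000, 0x0400, 0x0100, 0x0080, 0x000F

def parse_header(packet: bytes) -> dict:
    """Decode the fixed 12-byte DNS header."""
    if len(packet) < 12:
        raise ValueError("truncated DNS header")
    ident, flags, qd, an, ns, ar = struct.unpack("!6H", packet[:12])
    return {"id": ident, "qr": bool(flags & QR), "aa": bool(flags & AA),
            "ra": bool(flags & RA), "rcode": flags & RCODE,
            "ancount": an, "nscount": ns}

def classify(packet: bytes) -> str:
    """Simplified policy (an assumption, not BIND's logic) for a reply from a
    server the resolver was told is authoritative for the zone."""
    h = parse_header(packet)
    if not h["qr"]:
        return "not-a-response"
    if h["aa"]:
        return "authoritative"          # safe to use and cache
    if h["rcode"] == 0 and h["ancount"] == 0 and h["nscount"] > 0:
        return "referral"               # delegation; AA is legitimately clear
    return "lame"                       # non-authoritative data: discard and log

def lame_servers(replies):
    """Return (verdict counts, sorted list of servers that answered lame)."""
    counts, lame = Counter(), set()
    for server, packet in replies:
        verdict = classify(packet)
        counts[verdict] += 1
        if verdict == "lame":
            lame.add(server)
    return counts, sorted(lame)

def make_header(flags, ancount=0, nscount=0):
    """Constructed sample: header only, since classify() reads nothing else."""
    return struct.pack("!6H", 0x1234, flags, 1, ancount, nscount, 0)

# Constructed replies; the addresses are documentation ranges (RFC 5737).
SAMPLE = [
    ("192.0.2.1", make_header(QR | AA, ancount=1)),       # authoritative answer
    ("192.0.2.2", make_header(QR | RD | RA, ancount=1)),  # recursive server's cached answer
    ("192.0.2.3", make_header(QR, nscount=2)),            # referral
    ("192.0.2.4", make_header(QR | RD | RA | 2)),         # SERVFAIL, AA clear
]

if __name__ == "__main__":
    print(lame_servers(SAMPLE))
```
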