[106461] in North American Network Operators' Group
Re: Great Suggestion for the DNS problem...?
daemon@ATHENA.MIT.EDU (Tony Finch)
Tue Jul 29 09:41:46 2008
Date: Tue, 29 Jul 2008 14:41:13 +0100
From: Tony Finch <dot@dotat.at>
To: Colin Alston <karnaugh@karnaugh.za.net>
In-Reply-To: <488E2A12.40408@karnaugh.za.net>
Cc: nanog@nanog.org
Errors-To: nanog-bounces@nanog.org

On Mon, 28 Jul 2008, Colin Alston wrote:
>
> In fact, why *don't* implementations discard authoritative responses
> from non-authoritative hosts? Or do we? Or am I horribly wrong?

The response is spoofed so that it appears to come from the correct host.

> There's an argument that IP spoofing can easily derail this, but I'd shift
> that argument higher up the OSI, blame TCP, and move on to recommending SYN
> cookies.

DNS uses UDP.

Tony.
--
f.anthony.n.finch <dot@dotat.at> http://dotat.at/
THAMES DOVER WIGHT: SOUTH OR SOUTHWEST 5 OR 6 BECOMING VARIABLE 3 OR 4. SLIGHT
OR MODERATE, OCCASIONALLY ROUGH IN WIGHT AT FIRST. THUNDERY SHOWERS. MODERATE
OR GOOD.
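
The point made in the reply above, as an added example (not part of the original message and not any resolver's actual code): a model of the checks a resolver can apply to a UDP response, showing that the source-address comparison cannot tell a genuine reply from one carrying a forged source field. The class and function names, addresses, port and transaction ID are all constructed for illustration.

```python
import struct
from dataclasses import dataclass

@dataclass(frozen=True)
class Pending:            # state kept for one outstanding UDP query
    server_ip: str        # address the query was sent to
    local_port: int       # UDP port the query left from
    txid: int             # 16-bit DNS transaction ID
    qname: bytes          # question name, wire format

@dataclass(frozen=True)
class Datagram:           # a received datagram; every field is sender-supplied
    src_ip: str
    src_port: int
    dst_port: int
    payload: bytes

def dns_response(txid: int, qname: bytes) -> bytes:
    """Minimal response: header (QR and AA set, QDCOUNT=1) plus the question."""
    header = struct.pack("!HHHHHH", txid, 0x8400, 1, 0, 0, 0)
    return header + qname + struct.pack("!HH", 1, 1)   # QTYPE=A, QCLASS=IN

def accept(p: Pending, d: Datagram) -> bool:
    """Match a datagram against the outstanding query, field by field."""
    if len(d.payload) < 12 + len(p.qname):
        return False
    txid, flags, qdcount = struct.unpack("!HHH", d.payload[:6])
    return (d.src_ip == p.server_ip          # claimed source address
            and d.src_port == 53
            and d.dst_port == p.local_port
            and (flags & 0x8000) != 0        # QR bit: this is a response
            and txid == p.txid
            and qdcount == 1
            and d.payload[12:12 + len(p.qname)] == p.qname)

# Constructed sample data (192.0.2.0/24 and 198.51.100.0/24 are documentation ranges).
QNAME = b"\x07example\x03com\x00"
PENDING = Pending("192.0.2.53", 40000, 0x1A2B, QNAME)
GENUINE = Datagram("192.0.2.53", 53, 40000, dns_response(0x1A2B, QNAME))
# Models a datagram from another host with the server's address in the source field.
# UDP has no handshake, so the receiver sees the same fields as in GENUINE.
SPOOFED_MATCH = Datagram("192.0.2.53", 53, 40000, dns_response(0x1A2B, QNAME))
SPOOFED_WRONG_ID = Datagram("192.0.2.53", 53, 40000, dns_response(0x0001, QNAME))
OTHER_HOST = Datagram("198.51.100.7", 53, 40000, dns_response(0x1A2B, QNAME))

if __name__ == "__main__":
    for name in ("GENUINE", "SPOOFED_MATCH", "SPOOFED_WRONG_ID", "OTHER_HOST"):
        print(f"{name:17} accepted={accept(PENDING, globals()[name])}")
```

Only the transaction ID and the local port are values the sender of a forged datagram has to guess; the source address check rejects `OTHER_HOST` but has no effect on either spoofed case.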