[106463] in North American Network Operators' Group
Re: Great Suggestion for the DNS problem...?
daemon@ATHENA.MIT.EDU (Colin Alston)
Tue Jul 29 09:57:33 2008
Date: Tue, 29 Jul 2008 15:56:19 +0200
From: Colin Alston <karnaugh@karnaugh.za.net>
To: Tony Finch <dot@dotat.at>
In-Reply-To: <alpine.LSU.1.10.0807291440030.19189@hermes-1.csi.cam.ac.uk>
Cc: nanog@nanog.org
Errors-To: nanog-bounces@nanog.org
Tony Finch wrote:
> On Mon, 28 Jul 2008, Colin Alston wrote:
>> In fact, why *don't* implementations discard authoritative responses
>> from non-authoritative hosts? Or do we? Or am I horribly wrong?
>
> The response is spoofed so that it appears to come from the correct host.
>
>> There's an argument that IP spoofing can easily derail this, but I'd shift
>> that argument higher up the OSI, blame TCP, and move on to recommending SYN
>> cookies.
>
> DNS uses UDP.
Ahh yes of course..
Why does it use UDP? :P
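
Added example (not part of the original message or thread): a sketch of the matching a resolver can apply to a UDP reply, showing that the source-address comparison only looks at a header field the sender fills in, so a reply carrying the right address, port and transaction ID is accepted whoever sent it. The names Pending, build_message, parse_question and accept, and the sample addresses and values, are assumptions constructed for illustration.

```python
import struct
from dataclasses import dataclass

@dataclass(frozen=True)
class Pending:
    """What a resolver remembers about one outstanding UDP query."""
    server_ip: str   # authoritative server the query was sent to
    local_port: int  # UDP source port the query left from
    txid: int        # 16-bit DNS transaction ID
    qname: str
    qtype: int

def build_message(txid, qname, qtype, response=True):
    """Build a DNS header plus one question (enough for matching)."""
    flags = 0x8400 if response else 0x0100  # QR+AA, or RD on a query
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
    name = b"".join(bytes([len(l)]) + l.encode("ascii") for l in qname.split("."))
    return header + name + b"\x00" + struct.pack("!HH", qtype, 1)

def parse_question(msg):
    """Return (txid, is_response, qname, qtype); ValueError if malformed."""
    if len(msg) < 12:
        raise ValueError("short header")
    txid, flags, qdcount = struct.unpack("!HHH", msg[:6])
    if qdcount != 1:
        raise ValueError("expected one question")
    labels, pos = [], 12
    while pos < len(msg) and msg[pos] != 0:
        n = msg[pos]
        if n > 63 or pos + 1 + n > len(msg):
            raise ValueError("bad label")
        labels.append(msg[pos + 1:pos + 1 + n].decode("ascii").lower())
        pos += 1 + n
    if pos + 5 > len(msg):
        raise ValueError("truncated question")
    qtype, _qclass = struct.unpack("!HH", msg[pos + 1:pos + 5])
    return txid, bool(flags & 0x8000), ".".join(labels), qtype

def accept(p, src_ip, dst_port, msg):
    """True if a received datagram matches the outstanding query."""
    try:
        txid, is_resp, qname, qtype = parse_question(msg)
    except ValueError:
        return False
    return (is_resp and src_ip == p.server_ip and dst_port == p.local_port
            and txid == p.txid and qname == p.qname.lower() and qtype == p.qtype)

# Constructed sample: one query outstanding to a documentation address.
PENDING = Pending("192.0.2.53", 40000, 0x1A2B, "www.example.com", 1)
```

A reply is dropped when the address, port, transaction ID or question differs; when all of them match, accept() has no further way to tell who sent the datagram.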