[106730] in North American Network Operators' Group
Re: Why *can* cached DNS replies be overwritten?
daemon@ATHENA.MIT.EDU (Tony Finch)
Mon Aug 11 11:59:04 2008
Date: Mon, 11 Aug 2008 16:58:45 +0100
From: Tony Finch <dot@dotat.at>
To: "Jay R. Ashworth" <jra@baylink.com>
In-Reply-To: <20080811153925.GP8391@cgi.jachomes.com>
Cc: nanog@nanog.org
Errors-To: nanog-bounces@nanog.org
On Mon, 11 Aug 2008, Jay R. Ashworth wrote:
>
> Everyone seems to continue asking "why can poisoning overwrite an already
> cached answer" and no one seems to be answering, and, unless I'm a
> moron (which is not impossible), that's the crux of this issue.
Add me to the list of baffled observers. As far as I can tell this
vulnerability to poisoning is mostly forbidden by the trustworthiness
ranking in RFC 2181.
Tony.
--
f.anthony.n.finch <dot@dotat.at> http://dotat.at/
VIKING NORTH UTSIRE: SOUTHWEST 5 TO 7 BACKING SOUTHEAST 4 OR 5. ROUGH OR VERY
ROUGH, DECREASING MODERATE LATER. RAIN THEN SHOWERS. MODERATE OR POOR BECOMING
GOOD.
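
The ranking referred to in the reply is the list in RFC 2181 section 5.4.1. The sketch below is an added example, not part of the message and not code from any resolver; it shows a cache that refuses to let lower-ranked data displace a live, higher-ranked RRset. The names `Trust`, `classify` and `RankedCache`, the rule that equal-ranked data also leaves a live entry in place, and the documentation-range sample records are assumptions of this example.

```python
from enum import IntEnum

class Trust(IntEnum):
    """RFC 2181 section 5.4.1 groupings; a higher value is more trustworthy."""
    ADDITIONAL_OR_NONAUTH_AUTHORITY = 1  # additional data; authority section of a non-AA reply
    NONAUTH_ANSWER = 2   # answer section of a non-AA reply
    GLUE = 3             # glue from a primary zone or a zone transfer
    AUTH_AUTHORITY = 4   # authority section of an authoritative reply
    AUTH_ANSWER = 5      # authoritative data in the answer section of an AA reply
    ZONE_TRANSFER = 6    # zone transfer data, other than glue
    PRIMARY_ZONE = 7     # primary zone file, other than glue

def classify(section, aa):
    """Rank data by reply section and AA bit.

    Simplification: every answer-section record of an AA reply is treated as
    authoritative; the RFC ranks non-authoritative data found there lower.
    """
    if section == "answer":
        return Trust.AUTH_ANSWER if aa else Trust.NONAUTH_ANSWER
    if section == "authority" and aa:
        return Trust.AUTH_AUTHORITY
    return Trust.ADDITIONAL_OR_NONAUTH_AUTHORITY

class RankedCache:
    def __init__(self):
        self._rrsets = {}  # (name, rrtype) -> (rdata, trust, expiry)

    def offer(self, name, rrtype, rdata, trust, ttl, now):
        """Cache an RRset unless a live entry of equal or higher rank is held."""
        key = (name.lower(), rrtype)
        held = self._rrsets.get(key)
        if held is not None and held[2] > now and held[1] >= trust:
            return False  # never prefer less trustworthy data over more trustworthy
        self._rrsets[key] = (tuple(rdata), Trust(trust), now + ttl)
        return True

    def lookup(self, name, rrtype, now):
        held = self._rrsets.get((name.lower(), rrtype))
        return held[0] if held is not None and held[2] > now else None

def demo():
    """Constructed records using documentation address ranges."""
    cache = RankedCache()
    cache.offer("www.example.com", "A", ["192.0.2.10"], classify("answer", True), 3600, now=0)
    late = cache.offer("www.example.com", "A", ["203.0.113.66"],
                       classify("additional", True), 3600, now=10)
    return late, cache.lookup("www.example.com", "A", now=10)
```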