[60372] in North American Network Operators' Group

Re: AOL breaking dns spoof protection

daemon@ATHENA.MIT.EDU (Paul Vixie)
Thu Aug 7 17:27:51 2003

To: nanog@merit.edu
From: Paul Vixie <vixie@vix.com>
Date: 07 Aug 2003 21:24:43 +0000
In-Reply-To: <01dd01c35d19$4772b050$812a40c1@PETEX31>
Errors-To: owner-nanog-outgoing@merit.edu


pete@he.iki.fi ("Petri Helenius") writes:

> I'm constantly seeing responses to queries for AOL servers which come
> in from different IP addresses than the query was sent to.

due to the weakness of the 16-bit query id field, bind will throw that
stuff away.  the source address and port has to match the destination
of the query, and the question section has to be copied in its entirety.

i don't know who aol is going to be able to send responses to who won't
apply those same restrictions.
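
The acceptance checks described in the message above, sketched as an added example (not part of the original message and not BIND's code). The function names, the `pending` dict layout, and the byte-exact question comparison are assumptions of this sketch; addresses and names are constructed documentation values.

```python
import struct

def encode_name(name):
    """Encode a dotted name as uncompressed DNS labels."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_message(qid, name, qtype=1, response=False):
    """Build a one-question DNS message (constructed sample data, no answers)."""
    flags = 0x8180 if response else 0x0100
    header = struct.pack("!HHHHHH", qid, flags, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)

def question_bytes(msg):
    """Return the raw first question (QNAME+QTYPE+QCLASS), or None if malformed."""
    if len(msg) < 12 or struct.unpack("!H", msg[4:6])[0] != 1:
        return None
    pos = 12
    while pos < len(msg):
        length = msg[pos]
        if length == 0:
            end = pos + 5  # root label plus 2-byte type and 2-byte class
            return msg[12:end] if end <= len(msg) else None
        if length & 0xC0:  # compression pointer or reserved bits: reject
            return None
        pos += 1 + length
    return None

def check_response(pending, src, msg):
    """pending = {'server': (ip, port), 'id': int, 'question': bytes}."""
    if src != pending["server"]:
        return "drop: source address/port differs from query destination"
    if len(msg) < 12:
        return "drop: truncated header"
    qid, flags = struct.unpack("!HH", msg[:4])
    if not flags & 0x8000:
        return "drop: QR bit not set"
    if qid != pending["id"]:
        return "drop: query id mismatch"
    if question_bytes(msg) != pending["question"]:
        return "drop: question section not copied"
    return "accept"

if __name__ == "__main__":
    query = build_message(0x1A2B, "www.example.com")
    pending = {"server": ("192.0.2.53", 53), "id": 0x1A2B,
               "question": question_bytes(query)}
    reply = build_message(0x1A2B, "www.example.com", response=True)
    print(check_response(pending, ("192.0.2.53", 53), reply))
    print(check_response(pending, ("198.51.100.7", 53), reply))
```

The second call models the situation in the quoted report: a well-formed reply with the right id and question is still discarded because it arrives from an address other than the one queried.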