[79004] in North American Network Operators' Group
Re: DNS cache poisoning attacks -- are they real?
daemon@ATHENA.MIT.EDU (John Payne)
Mon Mar 28 10:54:31 2005
In-Reply-To: <16967.41002.695813.685381@roam.psg.com>
Cc: "Christopher L. Morrow" <christopher.morrow@mci.com>,
nanog@merit.edu
From: John Payne <john@sackheads.org>
Date: Mon, 28 Mar 2005 10:54:06 -0500
To: Randy Bush <randy@psg.com>
Errors-To: owner-nanog@merit.edu
On Mar 28, 2005, at 1:11 AM, Randy Bush wrote:
>> And to Randy's point about problems with open recursive nameservers...
>> abusers have been known to cache "hijack". Register a domain,
>> configure an authority with very large TTLs, seed it onto known open
>> recursive nameservers, update domain record to point to the open
>> recursive servers rather than their own. Wammo, "bullet proof" dns
>> hosting.
>
> as has been said here repeatedly, you should not be running servers,
> recursive or not, on old broken and vulnerable software.
Huh? I think you do not understand. Do not mistake "cache hijack"
for "cache poison".
This is _nothing_ to do with what you're running on the recursive
nameserver. It is doing _exactly_ what it is supposed to do. Get
answers, store in cache, respond to queries from cache if TTL isn't
expired.
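The mechanism John describes (answer cached, served until the TTL runs out) is what makes the hijack in Chris's quoted text work, and a max-cache-TTL clamp is the usual resolver-side limit on it. The following is an added example, not code from the thread or from any resolver; the domain, addresses and the `max_ttl` parameter are constructed stand-ins (the clamp models an option such as BIND's `max-cache-ttl`).

```python
# Added example: a toy recursive-resolver cache showing why a seeded answer
# with a very large TTL keeps being served after the registrant changes the
# authoritative record, and how a TTL clamp bounds that window.
from dataclasses import dataclass


@dataclass
class CacheEntry:
    rdata: str
    expires_at: int  # simulated clock, in seconds


class RecursiveCache:
    """Minimal model: fetch, store, answer from cache while TTL is unexpired."""

    def __init__(self, authority, max_ttl=None):
        self.authority = authority  # dict name -> (rdata, ttl); stands in for the zone
        self.max_ttl = max_ttl      # optional clamp, like a resolver's max-cache-ttl
        self.cache = {}

    def resolve(self, name, now):
        entry = self.cache.get(name)
        if entry is not None and entry.expires_at > now:
            return entry.rdata, "cache"          # TTL not expired: no refetch
        rdata, ttl = self.authority[name]        # ask the authority
        if self.max_ttl is not None:
            ttl = min(ttl, self.max_ttl)         # clamp what we are willing to keep
        self.cache[name] = CacheEntry(rdata, now + ttl)
        return rdata, "authority"


def serve_after_change(max_ttl=None):
    """Constructed scenario: the domain's authority hands out a 30-day TTL,
    one open recursive server is seeded at t=0, and the registrant changes
    the record right after. Returns {seconds_later: (rdata, source)}."""
    name = "www.example.test."                            # constructed name
    zone = {name: ("203.0.113.10", 30 * 24 * 3600)}       # constructed, 30-day TTL
    cache = RecursiveCache(zone, max_ttl)
    cache.resolve(name, now=0)                            # seeding query
    zone[name] = ("198.51.100.1", 300)                    # authority now says otherwise
    checkpoints = [3600, 86400, 7 * 86400, 31 * 86400]
    return {t: cache.resolve(name, now=t) for t in checkpoints}


if __name__ == "__main__":
    for label, result in (("unclamped", serve_after_change()),
                          ("clamped to 1 day", serve_after_change(max_ttl=86400))):
        print(label, result)
```

Without the clamp the stale answer is still served a week later; with a one-day clamp the resolver goes back to the authority after 86400 seconds, which is why limiting cache TTL is a configuration question on the recursive server even though, as John says, the server is otherwise behaving correctly.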