[79059] in North American Network Operators' Group
Re: DNS cache poisoning attacks -- are they real?
daemon@ATHENA.MIT.EDU (Sam Hayes Merritt, III)
Tue Mar 29 13:57:04 2005
Date: Tue, 29 Mar 2005 12:56:37 -0600 (CST)
From: "Sam Hayes Merritt, III" <sam@themerritts.org>
To: nanog@merit.edu
In-Reply-To: <1112111956.2101.140.camel@grendel>
Errors-To: owner-nanog@merit.edu

> When I reported this the bug/feature was changed but I noticed a while
> back (late 8.x maybe 9.0) that it is back. So if the purp can get you to
> the wrong server only once it may be possible to keep you there.

It was actually fixed in 9.2.3rc1.

1429. [bug] Prevent the cache getting locked to old servers.

See this thread: http://marc.theaimsgroup.com/?t=111057230600004&r=1&w=4

Of course I still don't think it's a bug, and it forced people to remember
to actually finish the job when they moved their DNS around. But whatever,
it's easier than doing a rndc flushname name (which finally got put in).

sam