[79121] in North American Network Operators' Group
Re: DNS cache poisoning attacks -- are they real?
daemon@ATHENA.MIT.EDU (John Payne)
Wed Mar 30 23:48:40 2005
In-Reply-To: <1112092669.15380.TMDA@mercury.zynet.net>
Cc: Randy Bush <randy@psg.com>, nanog@merit.edu
From: John Payne <john@sackheads.org>
Date: Wed, 30 Mar 2005 23:47:40 -0500
To: Simon Waters <simonw@zynet.net>
Errors-To: owner-nanog@merit.edu
On Mar 29, 2005, at 5:37 AM, Simon Waters wrote:
> The answers from a recursive server won't be marked authoritative (AA bit
> not set), and so correct behaviour is to discard (BIND will log a lame
> server message as well by default) these records.
As others have pointed out, BZZZZT
> If your recursive resolver doesn't discard these records, suggest you get
> one that works ;)
Yeah, problem is, it ain't my recursive resolver that's the problem...
I don't actually follow links in spam (shock, horror), just pointing
out the problem.