[79939] in North American Network Operators' Group
Re: Jonathan Yarden @ TechRepublic: Disable DNS caching on workstations
daemon@ATHENA.MIT.EDU (Florian Weimer)
Mon Apr 18 15:49:32 2005
From: Florian Weimer <fw@deneb.enyo.de>
To: Jason Frisvold <xenophage0@gmail.com>
Cc: Daniel Golding <dgolding@burtongroup.com>,
Chris Adams <cmadams@hiwaay.net>, nanog@merit.edu
Date: Mon, 18 Apr 2005 21:45:54 +0200
In-Reply-To: <924f292805041812052803616c@mail.gmail.com> (Jason Frisvold's
message of "Mon, 18 Apr 2005 15:05:55 -0400")
Errors-To: owner-nanog@merit.edu
* Jason Frisvold:
> I think this is more of a question of who to trust. Caching, in
> general, isn't a bad thing provided that TTLs are adhered to. If the
> poisoning attack were to inject a huge TTL value, then that would
> compromise that cache. (Note, I am no expert on DNS poisoning, so I'm
> not sure if the TTL is "attackable")
I'm not sure if you can poison the entire cache of a stub resolver
(which can't do recursive lookups on its own). I would expect that
the effect is limited to a particular DNS record, which in turn should
expire after the hard TTL limit (surely there is one).
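To make the "hard TTL limit" in the reply above concrete, here is an added example (not code from this thread or from any real resolver): a toy stub-resolver cache in Python that clamps every TTL it is handed to a configurable maximum, so a record advertising an oversized TTL still expires at the cap, and only that one name is affected. The cap value, the injectable clock and the sample names are assumptions for the example.

```python
import time
from dataclasses import dataclass

# Assumed cap for the example; real resolvers pick their own limit.
MAX_TTL_SECONDS = 24 * 3600


@dataclass
class CacheEntry:
    rdata: str
    expires_at: float
    ttl_clamped: bool  # True if the advertised TTL exceeded the cap


class ClampingCache:
    """Per-name cache that never honours a TTL above max_ttl.

    A record that arrives with a huge TTL is still stored, but its lifetime
    is bounded by the cap, so the window in which a bad answer can be served
    is limited to max_ttl rather than to whatever the answer claimed.
    """

    def __init__(self, max_ttl=MAX_TTL_SECONDS, clock=time.time):
        self.max_ttl = max_ttl
        self.clock = clock  # injectable so tests can advance time
        self.entries = {}

    def store(self, name, rdata, ttl):
        """Cache rdata for name; return the TTL actually applied."""
        effective_ttl = min(ttl, self.max_ttl)
        self.entries[name] = CacheEntry(rdata, self.clock() + effective_ttl,
                                        ttl > self.max_ttl)
        return effective_ttl

    def lookup(self, name):
        """Return cached rdata for name, or None if absent or expired."""
        entry = self.entries.get(name)
        if entry is None or entry.expires_at <= self.clock():
            self.entries.pop(name, None)  # drop stale entries on access
            return None
        return entry.rdata

    def was_clamped(self, name):
        entry = self.entries.get(name)
        return entry is not None and entry.ttl_clamped


if __name__ == "__main__":
    cache = ClampingCache(max_ttl=3600)
    # Constructed answer with a TTL far above the cap (2**31 - 1 seconds).
    print(cache.store("www.example.com", "192.0.2.1", 2**31 - 1))  # 3600
```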