What to do about HiNet cache poisoning?

Mark_Andrews at isc.org
Tue Apr 23 22:07:10 UTC 2002


> In article <aa27p7$ock at pub3.rc.vix.com>, Rob van der Putten wrote:
> > 
> > Hi there
> > 
> > 
> > I happened to stumble on this one yesterday;
> > sput:~$ soa in-addr.arpa.
> > in-addr.arpa            SOA     hntp1.hinet.net hostmaster.hinet.net (
> >                         200204180       ;serial (version)
> >                         21600   ;refresh period (6 hours)
> >                         7200    ;retry interval (2 hours)
> >                         3600000 ;expire time (5 weeks, 6 days, 16 hours)
> >                         86400   ;default ttl (1 day)
> >                         )
> > 
> > And this morning;
> > sput:~$ ns in-addr.arpa.
> > in-addr.arpa            NS      ipdns2.hinet.net
> > in-addr.arpa            NS      ipdns1.hinet.net
> 
> Run djbdns dnscache, that will not ever fall for this kind of trick. I am
> amazed that bind 8.x still does.

	It doesn't unless it is behind a forwarder and the forwarder lets
	the bogus data through.  Bailiwick doesn't work behind a forwarder.

 
> Regards,
> 
> bert
> 
> 
> -- 
> http://www.PowerDNS.com/pdns  Try our new database driven nameserver! 
> http://www.tk                               the dot in .tk
> http://lartc.org            Linux Advanced Routing & Traffic Control HOWTO
> 
--
Mark Andrews, Internet Software Consortium
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark.Andrews at isc.org
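
The bailiwick point made in the reply above, as an added example that is not part of the original message and is not BIND code: a simplified model of a resolver filtering response records by the zone it asked about. The function names, the sample records, and the modelling of a forwarder as having the root as its bailiwick are assumptions made for illustration.

```python
# Added illustration: simplified bailiwick filtering, not BIND's implementation.

def in_bailiwick(owner: str, zone: str) -> bool:
    """True if owner is at or below zone, compared label by label."""
    o = [l for l in owner.lower().rstrip(".").split(".") if l]
    z = [l for l in zone.lower().rstrip(".").split(".") if l]
    return len(z) <= len(o) and o[len(o) - len(z):] == z


def accept_records(records, queried_zone):
    """Keep only records whose owner name lies inside the zone the
    answering server was asked about; drop everything else."""
    return [r for r in records if in_bailiwick(r[0], queried_zone)]


# Constructed response: one in-zone answer plus out-of-zone NS data for
# in-addr.arpa of the kind quoted in the thread. The address is from the
# documentation range.
RESPONSE = [
    ("www.hinet.net.", "A", "192.0.2.10"),
    ("in-addr.arpa.", "NS", "ipdns1.hinet.net."),
    ("in-addr.arpa.", "NS", "ipdns2.hinet.net."),
]


def iterative_view():
    # The resolver followed a delegation to the hinet.net servers, so the
    # bailiwick is hinet.net and the in-addr.arpa NS records are discarded.
    return accept_records(RESPONSE, "hinet.net.")


def forwarded_view():
    # The resolver hands every query to a forwarder that may answer for any
    # name. Assumption: the only zone it can check against is the root, so
    # every owner name is in bailiwick and nothing is filtered.
    return accept_records(RESPONSE, ".")


if __name__ == "__main__":
    print("iterative:", iterative_view())
    print("forwarded:", forwarded_view())
```

In this model the forwarder is the only place left where the out-of-zone records can be rejected, which matches the condition stated in the reply: the bogus data gets in when the forwarder lets it through.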


More information about the bind-users mailing list