What to do about HiNet cache poisoning?
Mark_Andrews at isc.org
Tue Apr 23 22:07:10 UTC 2002
> In article <aa27p7$ock at pub3.rc.vix.com>, Rob van der Putten wrote:
> >
> > Hi there
> >
> >
> > I happened to stumble on this one yesterday;
> > sput:~$ soa in-addr.arpa.
> > in-addr.arpa SOA hntp1.hinet.net hostmaster.hinet.net (
> > 200204180 ;serial (version)
> > 21600 ;refresh period (6 hours)
> > 7200 ;retry interval (2 hours)
> > 3600000 ;expire time (5 weeks, 6 days, 16 hours)
> > 86400 ;default ttl (1 day)
> > )
> >
> > And this morning;
> > sput:~$ ns in-addr.arpa.
> > in-addr.arpa NS ipdns2.hinet.net
> > in-addr.arpa NS ipdns1.hinet.net
>
> Run djbdns dnscache, that will not ever fall for this kind of trick. I am
> amazed that bind 8.x still does.
It doesn't unless it is behind a forwarder and the forwarder lets
the bogus data through. Bailiwick doesn't work behind a forwarder.
> Regards,
>
> bert
>
>
> --
> http://www.PowerDNS.com/pdns Try our new database driven nameserver!
> http://www.tk the dot in .tk
> http://lartc.org Linux Advanced Routing & Traffic Control HOWTO
>
--
Mark Andrews, Internet Software Consortium
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark.Andrews at isc.org
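
Added example (not part of the original message, and not BIND's code): a simplified model of the bailiwick filter the reply refers to, showing why a resolver that sends every query to a forwarder has no zone context to filter against. The function names, the sample response and the treatment of the forwarder case as "bailiwick is the root" are assumptions made for illustration; only the two NS records are taken from the post.

```python
# Simplified model of a resolver's bailiwick filter (illustration, not BIND code).

def in_bailiwick(owner: str, zone: str) -> bool:
    """True if owner is at or below zone, compared label by label."""
    o = [l for l in owner.lower().rstrip(".").split(".") if l]
    z = [l for l in zone.lower().rstrip(".").split(".") if l]
    # The root zone has no labels, so every owner name is inside it.
    return len(z) <= len(o) and o[len(o) - len(z):] == z

def filter_response(records, bailiwick):
    """Split response records into (accepted, dropped) by owner name."""
    accepted, dropped = [], []
    for rr in records:
        (accepted if in_bailiwick(rr[0], bailiwick) else dropped).append(rr)
    return accepted, dropped

# Constructed response: one in-zone answer (documentation address) plus the
# out-of-zone NS records quoted in the post.
RESPONSE = [
    ("www.hinet.net.", "A", "192.0.2.10"),
    ("in-addr.arpa.", "NS", "ipdns1.hinet.net."),
    ("in-addr.arpa.", "NS", "ipdns2.hinet.net."),
]

def iterative_case():
    # The resolver followed a delegation to the hinet.net servers itself,
    # so it knows the response may only speak for hinet.net.
    return filter_response(RESPONSE, "hinet.net.")

def forwarder_case():
    # The resolver hands every query to a forwarder. It has no delegation
    # context, so the only bailiwick it can apply is the root.
    return filter_response(RESPONSE, ".")

if __name__ == "__main__":
    for name, case in (("iterative", iterative_case), ("forwarder", forwarder_case)):
        accepted, dropped = case()
        print(name, "accepted:", [r[0] for r in accepted],
              "dropped:", [r[0] for r in dropped])
```

In the forwarder case nothing is dropped, so the cache is only as clean as whatever the forwarder lets through.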