wrong reverse dns answer, corrupted cache

Doug Barton DougB at DougBarton.net
Sun Jan 27 19:14:00 UTC 2002


Nate Campi wrote:
> 
> On Fri, Jan 25, 2002 at 06:42:49PM -0800, Doug Barton wrote:
> >
> > On Fri, 25 Jan 2002, Kevin Darcy wrote:
> >
> > > Modern versions of BIND tend to be immune from this form of cache poisoning
> > > because they keep good track of "credibility" and won't overwrite data of
> > > high credibility (e.g. the delegation from arpa to in-addr.arpa) with data of
> > > low credibility (e.g. hinet.net's outrageous claims of in-addr.arpa
> > > authoritativeness). However, older versions of BIND, and non-BIND nameserver
> > > software, may still get poisoned.
> >
> >       Would that this were true. My mixture of BIND 8.2.[45] name
> > servers regularly got poisoned with this exact same crap until I marked
> > those name servers bogus. It didn't always last very long, but my servers
> > did cache the answer sometimes.
> 
> Doug,
> 
> Don't take this the wrong way, but are you sure?

	Completely. Not only was the dig output unambiguous, but I dumped the
db the last time it happened and the record was there clear as day.

-- 
    "We will not tire, we will not falter, and we will not fail."
	- George W. Bush, President of the United States
          September 20, 2001  
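To illustrate the "credibility" defence Kevin describes above, here is a toy resolver cache (added example, not part of the original thread or of BIND) that ranks records by the response section they came from and drops out-of-bailiwick records before they are considered at all. The rank values are a simplified reading of RFC 2181 section 5.4.1, not BIND's actual levels, and every name and address in it is constructed.

```python
# Added example: models two defences against the poisoning discussed above.
# 1. Bailiwick check: a server answering for hinet.net must not be believed
#    about in-addr.arpa.
# 2. Credibility ranking: cached data is never overwritten by data of lower
#    credibility. Ranks are simplified (assumption), not BIND's real levels.
ANSWER, AUTHORITY, ADDITIONAL = 3, 2, 1   # higher number = more credible


def in_bailiwick(name, zone):
    """True if `name` equals `zone` or lies below it (case-insensitive)."""
    name, zone = name.lower().rstrip("."), zone.lower().rstrip(".")
    return name == zone or name.endswith("." + zone)


class Cache:
    def __init__(self):
        self.entries = {}   # (owner, rtype) -> (rdata, credibility)

    def store(self, owner, rtype, rdata, credibility):
        """Accept the record unless an entry of higher credibility exists."""
        key = (owner.lower(), rtype)
        if key in self.entries and self.entries[key][1] > credibility:
            return False
        self.entries[key] = (rdata, credibility)
        return True

    def lookup(self, owner, rtype):
        entry = self.entries.get((owner.lower(), rtype))
        return entry[0] if entry else None


def ingest(cache, zone, response):
    """Apply a response from a server that was asked about `zone`.
    `response` is a list of (section, owner, rtype, rdata) tuples;
    the section doubles as the record's credibility rank."""
    accepted = []
    for section, owner, rtype, rdata in response:
        if not in_bailiwick(owner, zone):
            continue    # discard, e.g. hinet.net claiming NS for in-addr.arpa
        if cache.store(owner, rtype, rdata, section):
            accepted.append((owner, rtype))
    return accepted


def demo():
    """Constructed scenario: legitimate delegation, then a bogus claim."""
    cache = Cache()
    ingest(cache, "arpa", [(AUTHORITY, "in-addr.arpa", "NS", "ns.example.net")])
    ingest(cache, "hinet.net", [(ANSWER, "www.hinet.net", "A", "192.0.2.10"),
                                (AUTHORITY, "in-addr.arpa", "NS", "ns.hinet.net")])
    return cache.lookup("in-addr.arpa", "NS")   # the delegation survives
```

Running demo() shows the bogus NS never reaches the cache; a resolver without either check (the older BIND 8 behaviour Doug reports) would cache it whenever it arrived.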
