How do I randomize the DNS source port number?

Jim Reid jim at rfc1035.com
Sat Jul 27 10:45:08 UTC 2002


>>>>> "Simon" == Simon Waters <Simon at wretched.demon.co.uk> writes:

    Simon> Cache poisoning isn't a DoS attack. 

It is a DoS attack. But not one on DNS service. Suppose your name
server's cache gets poisoned with bogus MX records for aol.com (say).
That's a DoS on any mail you send to aol.com. Your mail will get
delivered to wherever those bogus MX records say, not the real aol.com
mail servers.

You'd be right to say cache poisoning is not a DoS on the name server
itself as it would continue to answer queries, albeit with possibly
false data. But what about poisoning with bogus NS records? Hmmmm....


More information about the bind-users mailing list