SRV records and cache poisoning (full)

Stefan Puiu stefan.puiu at
Wed Jun 8 05:35:45 UTC 2005

Ok, I'll try this once again, since one more email seems to have been
lost in outer space leaving from gmail...

On 6/7/05, Mark Andrews <Mark_Andrews at> wrote:
>         Stub resolvers need to trust their caching servers to have
>         anti-poisioning support.  Stub resolvers don't have enough
>         information to detect poisioning.  This assumes DNSSEC is
>         not available for the zone that is the target of the
>         poisoning.  If DNSSEC is available them the stub resolver
>         can verify the answer.

So am I to understand that newer versions of BIND filter out
additional data in answers from authoritative nameservers when
following referrals? Not that I would want to rely on that, I'm just

More information about the bind-users mailing list