SRV records and cache poisoning (full)

Stefan Puiu stefan.puiu at
Tue Jun 7 07:16:54 UTC 2005

>         Stub resolvers need to trust their caching servers to have
>         anti-poisioning support.  Stub resolvers don't have enough
>         information to detect poisioning.  This assumes DNSSEC is
>         not available for the zone that is the target of the
>         poisoning.  If DNSSEC is available them the stub resolver
>         can verify the answer.

So am I to understand that a sane caching nameserver will remove that record from the additional section of the reply? And
that it will do some sort of filtering on the additional section in

Thanks for the reply,

More information about the bind-users mailing list