Bind9 and Cache Poisoning problems
Hyung-Jin Kim
khj at nida.or.kr
Mon Sep 12 11:12:19 UTC 2005
Can anybody help clarify about Bind9 and Cache Poisoning problems?=20
I tried to find any specific mention of this mail-list but I couldn't.
I understand that BIND 8 and BIND 9 both have the problem about birthday
attack.
and birthday attack can break the random query ID and it doesn't rely on =
the
bind versions.
(when the huge number of Queries with Reponses arrives, the record have =
the
possibility to poisoned in the name server's cache)
Although, I found at the ISC Web Page that BIND9 appears to fix this =
problem
and
all name servers used as forwarders should be upgraded to BIND 9 for
protecting against cache poisoning.
In that case, I wonder If the DNS cache poisoning isn't possible with
version of BIND9 then,=20
what is the point to be updated in Bind9 for prevent from cache =
Poisoning
attacks except ACLs & BlackHolings ?
Thanks for any help.
Hyung-jin, Kim=20
National Internet Development Agency of Korea (NIDA)
More information about the bind-users
mailing list