Switching to TCP in BIND.

Sam Wilson Sam.Wilson at ed.ac.uk
Wed May 5 09:48:02 UTC 2010

In article <mailman.1395.1273052339.21153.bind-users at lists.isc.org>,
 Stephane Bortzmeyer <bortzmeyer at nic.fr> wrote:

> On Wed, May 05, 2010 at 09:35:38AM +0100,
>  Sam Wilson <Sam.Wilson at ed.ac.uk> wrote 
>  a message of 22 lines which said:
> > > It seems (not tested by me) that Nominum CNS does that: when many
> > > responses arrive which do not match (src IP address, query ID, etc)
> > > any pending answer, it switches to TCP, assuming someone tries to
> > > poison it.
> > >  
> > > This is supposed to be a protection against the Kaminsky attack.
> > 
> > Interesting.  "Switches" by what means? 
> I don't understand the question. When detecting an attack, CNS decides
> to query the authoritative name servers with TCP instead of querying
> with UDP as it does by default, that's all.

Yeah - I misunderstood the original description and had in my mind CNS 
getting spoofed responses and causing the original querier to retry with 
TCP.  I understand now.



More information about the bind-users mailing list