Switching to TCP in BIND.
Sam.Wilson at ed.ac.uk
Wed May 5 09:48:02 UTC 2010
In article <mailman.1395.1273052339.21153.bind-users at lists.isc.org>,
Stephane Bortzmeyer <bortzmeyer at nic.fr> wrote:
> On Wed, May 05, 2010 at 09:35:38AM +0100,
> Sam Wilson <Sam.Wilson at ed.ac.uk> wrote
> a message of 22 lines which said:
> > > It seems (not tested by me) that Nominum CNS does that: when many
> > > responses arrive which do not match (src IP address, query ID, etc)
> > > any pending answer, it switches to TCP, assuming someone tries to
> > > poison it.
> > >
> > > This is supposed to be a protection against the Kaminsky attack.
> > Interesting. "Switches" by what means?
> I don't understand the question. When detecting an attack, CNS decides
> to query the authoritative name servers with TCP instead of querying
> with UDP as it does by default, that's all.
Yeah - I misunderstood the original description and had in my mind CNS
getting spoofed responses and causing the original querier to retry with
TCP. I understand now.
More information about the bind-users