North American Network Operators Group

Re: DNS cache poisoning attacks -- are they real?
On Tue, 2005-03-29 at 05:37, Simon Waters wrote:
>
> The answers from a recursive server won't be marked authoritative (AA bit not
> set), and so correct behaviour is to discard (BIND will log a lame server
> message as well by default) these records.
>
> If your recursive resolver doesn't discard these records, suggest you get one
> that works ;)

In a perfect world, this might be a viable solution. The problem is there are far too many legitimate but "broken" name servers out there. On an average day I log well over 100 lame servers. If I broke this functionality, my helpdesk would get flooded pretty quickly with angry users.

HTH,
Chris
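Added example, not part of the original post and not BIND's code: a sketch of the AA-bit check discussed above, applied to the 12-byte DNS header of a reply from a server that was queried as authoritative. The function names, the simplified verdict policy, and the header-only sample messages are assumptions constructed for illustration.

```python
import struct

# Flag bits in the DNS header (RFC 1035, section 4.1.1)
QR, AA, RA = 0x8000, 0x0400, 0x0080

def parse_header(msg: bytes) -> dict:
    """Decode the fixed 12-byte DNS header into its fields."""
    if len(msg) < 12:
        raise ValueError("truncated DNS header")
    txid, flags, _qd, an, ns, _ar = struct.unpack("!6H", msg[:12])
    return {"id": txid, "qr": bool(flags & QR), "aa": bool(flags & AA),
            "ra": bool(flags & RA), "rcode": flags & 0x000F,
            "ancount": an, "nscount": ns}

def classify(msg: bytes, expected_id: int) -> str:
    """Verdict under a simplified strict policy (an assumption, not BIND's logic)."""
    h = parse_header(msg)
    if not h["qr"] or h["id"] != expected_id:
        return "drop: not a matching response"
    if h["aa"]:
        return "accept: authoritative"
    # A delegation legitimately has AA clear: no answers, NS records in authority.
    if h["rcode"] == 0 and h["ancount"] == 0 and h["nscount"] > 0:
        return "follow: referral"
    # AA clear but answer records present: the case the quoted text says to discard.
    return "discard: non-authoritative answer"

def sample(txid: int, flags: int, ancount: int, nscount: int) -> bytes:
    """Constructed header-only message (QDCOUNT=1, ARCOUNT=0) for demonstration."""
    return struct.pack("!6H", txid, flags, 1, ancount, nscount, 0)

def tally(messages, expected_id: int) -> dict:
    """Count verdicts, to see how many replies a strict policy would throw away."""
    counts = {}
    for m in messages:
        verdict = classify(m, expected_id).split(":")[0]
        counts[verdict] = counts.get(verdict, 0) + 1
    return counts

if __name__ == "__main__":
    constructed = [
        sample(0x1A2B, QR | AA, 1, 0),   # authoritative answer
        sample(0x1A2B, QR | RA, 1, 0),   # answer relayed by a recursive server
        sample(0x1A2B, QR, 0, 2),        # referral to child zone
        sample(0x1A2B, QR | RA, 2, 0),   # misconfigured "legitimate but broken" server
    ]
    for m in constructed:
        print(classify(m, 0x1A2B))
    print(tally(constructed, 0x1A2B))
```

The tally over the constructed samples shows the trade-off raised in the reply: every non-authoritative answer the strict policy discards is a name that stops resolving for users when the server behind it is misconfigured rather than hostile.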