North American Network Operators Group
Re: Jonathan Yarden @ TechRepublic: Disable DNS caching on workstations
On Mon, Apr 18, 2005 at 03:05:55PM -0400, Jason Frisvold said something to the effect of:
>
> On 4/18/05, Daniel Golding <[email protected]> wrote:
> >
> >
> > Aside from individual OS behavior, doesn't this seem like very bad advice?
>
> I think this is more of a question of who to trust. Caching, in
> general, isn't a bad thing provided that TTL's are adhered to. If the
> poisoning attack were to inject a huge TTL value, then that would
> compromise that cache. (Note, I am no expert on dns poisoning, so I'm
> not sure if the TTL is "attackable")
>
> However, on the flip side, if nothing is ever cached, then I would
> expect a huge amount of bandwidth to be eaten up by DNS queries.

You are right. Time spent in security for an ISP yielded many
DoS-against-the-DNS-server complaints that turned out to be some
query-happy non-cachers pounding away at the server. The solution:
block the querying IP from touching the DNS server. Somehow, I think
that might have hampered their name resolution efforts...? ;)

cache me if you can,
--ra

> I think a seasoned op knows when to use caching and when to not use
> caching, but the everyday Joe User has no idea what caching is. If
> they see a technical article telling them to turn off caching because
> it will help stop phishing attacks (which they know are bad because
> everyone says so), then they may try to follow that advice. Aside
> from the "I broke my computer" syndrome, I expect they'll be very
> disappointed when their internet access becomes visibly slower because
> everything requires a new lookup...
>
> Is it possible to "prevent" poisoning attacks? Is it beneficial, or
> even possible, to prevent TTL's from being an excessively high value?
>
> --
> Jason 'XenoPhage' Frisvold
> [email protected]

--
rachael treu gomes [email protected]
..quis custodiet ipsos custodes?..
(this email has been brought to you by the letters 'v' and 'i'.)
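Jason's question about keeping TTLs from reaching excessively high values is what a resolver TTL ceiling addresses (BIND's max-cache-ttl and Unbound's cache-max-ttl are real options that do this). The following is an added illustration, not code from this thread or from any resolver: a minimal cache that honours answer TTLs but clamps any TTL above a ceiling, so a caching client keeps the bandwidth benefit without trusting an absurd lifetime; the names, address and ten-year TTL are constructed.

```python
import time
# Constructed illustration (not any real resolver's code): honour TTLs, clamp huge ones.
MAX_CACHE_TTL = 86400  # ceiling in seconds (one day)

class ClampingCache:
    def __init__(self, max_ttl=MAX_CACHE_TTL, clock=time.monotonic):
        self.max_ttl, self.clock = max_ttl, clock   # clock is injectable for tests
        self.store = {}                 # (name, rtype) -> (rdata, expires_at)
        self.clamped = 0                # how many answers carried an over-ceiling TTL

    def put(self, name, rtype, rdata, ttl):
        ttl = int(ttl)
        if ttl > self.max_ttl:          # an absurd TTL is cut down, not trusted
            self.clamped += 1
            ttl = self.max_ttl
        self.store[(name.lower(), rtype)] = (rdata, self.clock() + ttl)
        return ttl                      # the TTL actually honoured

    def get(self, name, rtype):
        key = (name.lower(), rtype)
        hit = self.store.get(key)
        if hit is None or hit[1] <= self.clock():
            self.store.pop(key, None)   # expired: drop it, force a fresh lookup
            return None
        return hit[0]

def resolve(cache, upstream, name, rtype):
    """Answer from cache while valid; otherwise ask upstream and cache the reply."""
    rdata = cache.get(name, rtype)
    if rdata is not None:
        return rdata, "cache"
    rdata, ttl = upstream(name, rtype)
    cache.put(name, rtype, rdata, ttl)
    return rdata, "upstream"

def simulate(max_ttl=MAX_CACHE_TTL):
    """Constructed scenario: a ten-year TTL is served for at most max_ttl seconds."""
    now, calls = [0.0], []
    cache = ClampingCache(max_ttl=max_ttl, clock=lambda: now[0])
    def upstream(name, rtype):
        calls.append(name)
        return "192.0.2.10", 315360000  # constructed answer, TTL = 10 years
    resolve(cache, upstream, "www.example.net", "A")
    now[0] += 3600                      # one hour later: still a cache hit
    _, src_hour = resolve(cache, upstream, "www.example.net", "A")
    now[0] += max_ttl                   # past the ceiling: must go upstream
    _, src_later = resolve(cache, upstream, "www.example.net", "A")
    return {"upstream_calls": len(calls), "clamped": cache.clamped,
            "after_hour": src_hour, "after_ceiling": src_later}
```

Without the clamp the ten-year answer would be served until the process restarted; with it, the record is re-fetched after one day, which bounds how long a bad answer could persist while still sparing the upstream server from a query per lookup.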