North American Network Operators Group

Re: Great Suggestion for the DNS problem...?

  • From: Tony Finch
  • Date: Tue Jul 29 09:41:48 2008

On Mon, 28 Jul 2008, Colin Alston wrote:
>
> In fact, why *don't* implementations discard authoritative responses
> from non-authoritative hosts? Or do we? Or am I horribly wrong?

The response is spoofed so that it appears to come from the correct host.

> There's an argument that IP spoofing can easily derail this, but I'd shift
> that argument higher up the OSI, blame TCP, and move on to recommending SYN
> cookies.

DNS uses UDP.

Tony.
-- 
f.anthony.n.finch  <[email protected]>  http://dotat.at/
THAMES DOVER WIGHT: SOUTH OR SOUTHWEST 5 OR 6 BECOMING VARIABLE 3 OR 4. SLIGHT
OR MODERATE, OCCASIONALLY ROUGH IN WIGHT AT FIRST. THUNDERY SHOWERS. MODERATE
OR GOOD.
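
Added example (not part of the original message, and not its author's code): a Python sketch of the acceptance check a resolver applies to a UDP DNS reply. It shows that the source-address comparison passes for any datagram whose header claims the right address, because UDP has no handshake to confirm it. The Pending record, the function names, and the 192.0.2.53, 198.51.100.7 and www.example.com values are constructed for illustration.

```python
import struct
from dataclasses import dataclass

@dataclass(frozen=True)
class Pending:
    """One outstanding UDP query (illustrative structure, not a real resolver's)."""
    server: tuple     # (ip, port) the query was sent to
    local_port: int   # UDP source port the query left from
    txid: int         # 16-bit DNS transaction ID
    question: bytes   # wire-format question: QNAME + QTYPE + QCLASS

def encode_question(name, qtype=1, qclass=1):
    labels = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split("."))
    return labels + b"\x00" + struct.pack("!HH", qtype, qclass)

def build_response(txid, question):
    # Header: ID, flags (QR=1, AA=1), QDCOUNT=1, ANCOUNT=NSCOUNT=ARCOUNT=0
    return struct.pack("!HHHHHH", txid, 0x8400, 1, 0, 0, 0) + question

def accept(pending, claimed_src, dst_port, datagram):
    """Return (accepted, reason). claimed_src is whatever the IP/UDP headers say."""
    if len(datagram) < 12:
        return False, "truncated header"
    txid, flags, qdcount = struct.unpack("!HHH", datagram[:6])
    if claimed_src != pending.server:
        return False, "source address mismatch"
    if dst_port != pending.local_port:
        return False, "destination port mismatch"
    if not flags & 0x8000:
        return False, "not a response"
    if txid != pending.txid:
        return False, "transaction ID mismatch"
    if qdcount != 1 or datagram[12:12 + len(pending.question)] != pending.question:
        return False, "question mismatch"
    return True, "accepted"

def demo():
    q = encode_question("www.example.com")
    p = Pending(("192.0.2.53", 53), 40001, 0x1A2B, q)   # constructed sample values
    return {
        "genuine": accept(p, ("192.0.2.53", 53), 40001, build_response(0x1A2B, q)),
        # Sender elsewhere on the network that does not forge the source address.
        "unforged": accept(p, ("198.51.100.7", 53), 40001, build_response(0x1A2B, q)),
        # Forged source address, but the ID had to be guessed and is wrong.
        "forged_bad_id": accept(p, ("192.0.2.53", 53), 40001, build_response(0x0001, q)),
        # Forged source address with matching ID and port: indistinguishable here.
        "forged_match": accept(p, ("192.0.2.53", 53), 40001, build_response(0x1A2B, q)),
    }

if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case:14} {result}")
```

The source-address check only rejects the sender that does not forge its address; what separates the genuine reply from a forged one is whether the transaction ID and port match.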