Re: Great Suggestion for the DNS problem...?

• From: Colin Alston
• Date: Tue Jul 29 09:57:33 2008

• List-archive: <http://mailman.nanog.org/pipermail/nanog>
• List-help: <mailto:[email protected]?subject=help>
• List-id: North American Network Operators Group <nanog.nanog.org>
• List-post: <mailto:[email protected]>
• List-subscribe: <http://mailman.nanog.org/mailman/listinfo/nanog>, <mailto:[email protected]?subject=subscribe>
• List-unsubscribe: <http://mailman.nanog.org/mailman/listinfo/nanog>, <mailto:[email protected]?subject=unsubscribe>

On Mon, 28 Jul 2008, Colin Alston wrote:

In fact, why *don't* implementations discard authoritative responses
from non-authoritative hosts? Or do we? Or am I horribly wrong?

The response is spoofed so that it appears to come from the correct host.

There's an argument that IP spoofing can easily derail this, but I'd shift
that argument higher up the OSI, blame TCP, and move on to recommending SYN
cookies.

DNS uses UDP.

• Follow-Ups:
  • Re: Great Suggestion for the DNS problem...? Steven M. Bellovin
  • Re: Great Suggestion for the DNS problem...? Laurence F. Sheldon, Jr.

• References:
  • Great Suggestion for the DNS problem...? Jay R. Ashworth
  • Re: Great Suggestion for the DNS problem...? Colin Alston
  • RE: Great Suggestion for the DNS problem...? Tomas L. Byrnes
  • Re: Great Suggestion for the DNS problem...? Jay R. Ashworth
  • Re: Great Suggestion for the DNS problem...? Colin Alston
  • Re: Great Suggestion for the DNS problem...? Tony Finch

• Prev by Date: Re: Federal Government Interest in your patch progress
• Next by Date: Re: Great Suggestion for the DNS problem...?
• Date Index
• Thread Index
• Author Index
• Historical