A question on vulnerable to DNS Cache Poisoning
Brad Knowles
brad at stop.mail-abuse.org
Tue Oct 4 16:24:21 UTC 2005
At 5:56 AM -0600 2005-10-04, Sabat Gangadhar wrote:
> Where is it documented that Bind 9.2 is not vulnerable to DNS Cache
> Poisoning?
See the BIND web pages and the documentation that comes with BIND.
> Is Bind automatically set to not cache reverse/cross
> referrals?
BIND-9 will ignore out-of-zone glue, which is the big problem
with cache pollution/poisoning. There are other ways to attack your
cache and get you to put in data that shouldn't be there, but they
take a lot more work to make happen.
--
Brad Knowles, <brad at stop.mail-abuse.org>
"Those who would give up essential Liberty, to purchase a little
temporary Safety, deserve neither Liberty nor Safety."
-- Benjamin Franklin (1706-1790), reply of the Pennsylvania
Assembly to the Governor, November 11, 1755
SAGE member since 1995. See <http://www.sage.org/> for more info.
More information about the bind-users
mailing list