Dynamic DNS
Pierre LEONARD
Pierre.Leonard at edf.fr
Tue Feb 6 09:46:47 UTC 2001
Hi Kevin,
And thanks for this information.
> The difference is one of scale. If someone hijacks the address of your HTTP or
> SMTP server, i.e. a "leaf" node, they get the opportunity to intercept your web
> and/or mail traffic for a variable amount of time, which you can control
> somewhat by tuning your TTL values. If they hijack the address of your NS,
> however -- a "branch" node -- then they can run a nameserver which advertises
> any NS list they want for your domain (including perhaps addresses of other
> servers under their control!) with a large TTL, and everyone will keep going
> back to those nameservers for information about your domain, instead of your
> nameservers. So instead of a hijack of mere minutes or hours, for only *some*
> of the names in your domain, potentially they could hijack your *entire* domain
> for days or even weeks. Which is a much bigger exposure.
OK, I understand what you mean, but does that mean that if I put a TTL of 60s on the A record of my secondary DNS, the other DNS servers that cache that record don't work with that shorter TTL?
That would make the older address valid for name service even after the change.
Sincerely
Pierre Léonard
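A toy model of the caching behaviour Kevin describes, added here as an illustration; it is not BIND code and not from this thread. The zone names, addresses and TTLs are constructed, and the resolver is simplified to caching every record it sees in an answer for that record's own TTL.

```python
from dataclasses import dataclass, field

@dataclass
class Resolver:
    """Toy caching resolver: every RR in an answer is cached for its own TTL."""
    servers: dict                               # address -> {(name, type): (rdata, ttl)}
    now: int = 0
    cache: dict = field(default_factory=dict)   # (name, type) -> (rdata, expires_at)

    def cached(self, name, rtype):
        hit = self.cache.get((name, rtype))
        return hit[0] if hit and hit[1] > self.now else None

    def query(self, addr, name, rtype):
        # A real answer also carries the zone's NS list and glue (authority and
        # additional sections); the toy caches all of it with the answer's TTLs.
        for (n, t), (rdata, ttl) in self.servers[addr].items():
            self.cache[(n, t)] = (rdata, self.now + ttl)
        return self.servers[addr][(name, rtype)][0]

    def resolve_a(self, name, zone):
        """Return (A rdata, address of the nameserver asked, or None if cached)."""
        if (hit := self.cached(name, "A")):
            return hit, None
        ns = self.cached(zone, "NS") or self.query("parent", zone, "NS")
        ns_addr = self.cached(ns, "A") or self.query("parent", ns, "A")
        return self.query(ns_addr, name, "A"), ns_addr

def scenario():
    """Constructed zone with a one-day NS TTL and a 60 s leaf TTL; returns observations."""
    zone, www, ns1 = "example.com.", "www.example.com.", "ns1.example.com."
    legit = {(zone, "NS"): (ns1, 86400), (ns1, "A"): ("192.0.2.1", 86400),
             (www, "A"): ("192.0.2.80", 60)}
    parent = {k: v for k, v in legit.items() if k != (www, "A")}   # delegation + glue
    r = Resolver({"parent": parent, "192.0.2.1": legit})
    r.resolve_a(www, zone)                                           # warm the cache
    # Leaf change: the web server moves; caches follow within the 60 s TTL.
    legit[(www, "A")] = ("192.0.2.81", 60)
    r.now += 61
    leaf_after_ttl = r.resolve_a(www, zone)[0]
    # Branch case: whoever answers at the NS address advertises a different NS
    # list for the zone with a one-week TTL, and the resolver caches that list
    # (each later answer from those servers renews it).
    other = {(zone, "NS"): ("ns.elsewhere.example.", 7 * 86400),
             ("ns.elsewhere.example.", "A"): ("203.0.113.5", 7 * 86400),
             (www, "A"): ("203.0.113.80", 60)}
    r.servers["192.0.2.1"] = r.servers["203.0.113.5"] = other
    r.now += 61
    r.resolve_a(www, zone)
    r.servers["192.0.2.1"] = legit         # operator gets the address back 10 min later
    r.now += 600
    branch_asked = r.resolve_a(www, zone)[1]
    branch_stale = r.cache[(zone, "NS")][1] - r.now   # seconds the NS list stays cached
    return {"leaf_after_ttl": leaf_after_ttl, "branch_asked": branch_asked,
            "branch_stale": branch_stale}
```

The leaf change is picked up after one 60 s TTL, while the resolver keeps asking the other servers for the whole week the cached NS list is valid, even though the original address is back in service.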