wrong reverse dns answer, corrupted cache

Mark_Andrews at isc.org Mark_Andrews at isc.org
Sun Jan 27 23:31:36 UTC 2002 

> 
> On Sun, Jan 27, 2002 at 11:14:00AM -0800, Doug Barton wrote:
> > Nate Campi wrote:
> > > 
> > > On Fri, Jan 25, 2002 at 06:42:49PM -0800, Doug Barton wrote:
> > > >
> > > > On Fri, 25 Jan 2002, Kevin Darcy wrote:
> > > >
> > > > > Modern versions of BIND tend to be immune from this form of cache poi
> soning
> > > > > because they keep good track of "credibility" and won't overwrite dat
> a of
> > > > > high credibility (e.g. the delegation from arpa to in-addr.arpa) with
>  data of
> > > > > low credibility (e.g. hinet.net's outrageous claims of in-addr.arpa
> > > > > authoritativeness). However, older versions of BIND, and non-BIND nam
> eserver
> > > > > software, may still get poisoned.
> > > >
> > > >       Would that this were true. My mixture of BIND 8.2.[45] name
> > > > servers regularly got poisoned with this exact same crap until I marked
> > > > those name servers bogus. It didn't always last very long, but my serve
> rs
> > > > did cache the answer sometimes.
> > > 
> > > Doug,
> > > 
> > > Don't take this the wrong way, but are you sure?
> > 
> > 	Completely. Not only was the dig output unambiguous, but I dumped the
> > db the last time it happened and the record was there clear as day.
> 
> Maybe for all our benefit you could share information on the actual
> servers that poisoned your cache and the RRs/domains that caused the
> trouble. We can test against 8.3.0.
> 
> TIA,

	The thing Doug has failed to mention is that he sees this on
	servers *behind* a forwarder.  There is no "baliwick" when you
	are behind a forwarder.

	BIND 8 prior to 8.2.5 would allow records to slip through in the
	answer it sent on that it didn't cache.

1232.   [bug]           don't assume the forwarder has dropped bogus records.

1231.   [bug]           always restart a query if we dropped records when
                        parsing.

	Mark
--
Mark Andrews, Internet Software Consortium
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: Mark.Andrews at isc.org

More information about the bind-users mailing list