Cache poisoning

Peter Dambier peter at peter-dambier.de
Mon Aug 8 12:05:01 UTC 2005


Thank you James for translating :)

Hi John,

James A Griffin wrote:
> John Khoon wrote:
> 
> 
> John still sends messages in base64 encoding.  Here is the decode:
> ---------------------------------------------------------------------------
> Hello.
> 
> I would like to ask about cache poisoning.
> 
> Does ISC recommend which BIND versions have to be updated for cache 
> poisoning?
> 

I am not ISC, but I have seen that you have to upgrade to 9.x to
be safe from poisoning.

> Is BIND 4 affected by cache poisoning?

Yes, it is.

> 
> Actually, one of my name servers is running BIND 8.2.7, but this 
> machine's performance is pretty bad, so
> 
> I have difficulty updating to the latest BIND version. Which version is good 
> for this machine?

Try 9.3, its performance should be better now.

I am running 9.3 on an IBM 486/SCL2 processor with 66 MHz and only 16 MB RAM.
You might call this machine an Intel 386. The peripherals are 386 type and
it has an external 80387 math processor.

This machine is a slave for a.public-root.net root-server and it slaves some
50 zones. It is my personal resolver. I have not seen any performance issues
but I am the only user on this machine. There are a lot of background jobs
running and the machine is my DSL-router running PPPoE to my ISP.

> 
> Thank you for your time and considerations
> 
> ----------------------------------------
> John Khoon
> 
> 

Don't close your eyes. There are alternatives to bind but it depends what
your machine has to do. Resolver? Authoritative server?

One solution I prefer doing on my system is contrary to school teaching:

My bind is a resolver. But I do clone all zones that are important to me.
That is, my bind runs as slave for the root. I don't have a hints file.

I have mixed resolving and authoritative serving. As a result nobody
can poison the zones my server is authoritative for. But on the other
hand, nobody from outside can see my server, so there is little chance
of intentional poisoning.

Regards,
Peter and Karin Dambier
Public-Root


-- 
Peter and Karin Dambier
Public-Root
Graeffstrasse 14
D-64646 Heppenheim
+49-6252-671788 (Telekom)
+49-179-108-3978 (O2 Genion)
mail: peter at peter-dambier.de
http://iason.site.voila.fr
http://www.kokoom.com/iason
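
The setup described in the message above (a recursive BIND 9 that holds the root and other important zones as slave copies, has no hints file, and is not reachable from outside), sketched as a named.conf fragment. This is an added illustration, not the poster's actual configuration; every address, network range, zone name and file path in it is a placeholder or an assumption.

```conf
// Constructed named.conf fragment (BIND 9 syntax).
// All addresses, ranges, zone names and paths are placeholders.

acl "inside" {
    127.0.0.1;
    192.168.1.0/24;              // assumed LAN range
};

options {
    directory "/var/named";      // assumed working directory

    // Listen only on loopback and the LAN address, so the
    // server is not visible from the outside interface.
    listen-on { 127.0.0.1; 192.168.1.1; };

    // Resolver and authoritative data in one server,
    // offered to internal clients only.
    recursion yes;
    allow-query     { "inside"; };
    allow-recursion { "inside"; };
    allow-transfer  { none; };
};

// Root zone held as a slave copy. There is no
// 'zone "." { type hint; ... }' statement and no hints file.
zone "." {
    type slave;
    masters { 192.0.2.1; };      // placeholder: a server that permits transfer of the root zone
    file "slave/root.zone";
};

// One more "important" zone cloned the same way
// (hypothetical zone name and master address).
zone "example.org" {
    type slave;
    masters { 192.0.2.53; };
    file "slave/example.org.zone";
};
```

Names inside the slaved zones are answered from the transferred zone data, while all other names still go through normal recursion and the cache.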


