Master to Slave Schedule to Avoid Poison Propagation
Danny Mayer
comp-protocols-dns-bind at isc.org
Sun Aug 14 14:33:33 UTC 2005
Barry Margolin wrote:
> In article <ddlp7t$tag$1 at sf1.isc.org>, Danny Mayer <mayer at gis.net>
> wrote:
>
>>Brad Knowles wrote:
>>
>>>At 6:29 AM -0700 2005-08-12, Danimal wrote:
>>>
>>>>So for example if the master somehow became compromised we could remove
>>>>it from the network before it infected the DNS records of the slave.
>>>>
>>
>>I think you're confused. An authoritative nameserver's data cannot be
>>compromised, at least not via cache poisoning, since it will never accept
>>records for zones for which it is authoritative.
>
> Who said anything about cache poisoning? I interpreted the OP to be
> talking about someone breaking into the system, or perhaps using a BIND
> exploit to insert new authoritative data (for instance, a bug in dynamic
> update ACL checking).
>
If they can break in then they have far worse problems than worrying
about poisoning the slaves. Maybe we should let the OP clarify.
> Using a hidden master doesn't prevent this, although it might make it
> harder for the cracker to find the machine they need to compromise. But
> if they break into one of the slaves, they can find out the master's
> address from its named.conf.
>
That's not even hard. See the SOA record.
Danny
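The thread above names two places where the address of a "hidden" master leaks: the `masters { ... }` statement in a slave's named.conf, and the MNAME field of the zone's SOA record. The following is an added example, not code from the original thread or from BIND; it pulls both out of constructed sample data so the two discovery paths can be tried offline. The configuration text, the SOA record, and the RFC 5737 addresses in it are all made up for the example.

```python
"""Added example (not from the original bind-users thread): extract a zone's
master from (a) a slave's named.conf and (b) the zone's SOA record.
All sample data below is constructed for illustration."""
import re

# Constructed sample of a slave's named.conf, as someone who had broken
# into the slave could read it. 192.0.2.0/24 is documentation space.
SAMPLE_NAMED_CONF = """
options {
    directory "/var/named";
    allow-transfer { none; };
};

zone "example.com" IN {
    type slave;
    file "slaves/example.com";
    masters { 192.0.2.10; 192.0.2.11 port 5353; };
};

zone "example.net" {
    type master;
    file "masters/example.net";
};
"""

# Constructed SOA record in zone-file presentation format
# (owner TTL class SOA MNAME RNAME serial refresh retry expire minimum).
SAMPLE_SOA = ("example.com. 3600 IN SOA ns-hidden.example.com. "
              "hostmaster.example.com. 2005081401 7200 3600 1209600 3600")

# A zone stanza: zone "<name>" [class] { ... }; with the closing brace
# on its own line, as in the sample above.
ZONE_RE = re.compile(r'zone\s+"([^"]+)"[^{]*\{(.*?)\n\};', re.S)
MASTERS_RE = re.compile(r'masters\s*\{([^}]*)\}')
# One master entry: an IPv4/IPv6 literal, optionally followed by "port N".
ADDR_RE = re.compile(r'([0-9a-fA-F.:]+)(?:\s+port\s+(\d+))?\s*;')


def slave_masters(named_conf: str) -> dict:
    """Return {zone: [(address, port), ...]} for every 'type slave' zone.

    Zones without a masters statement, and master zones, are skipped.
    The port defaults to 53 when the statement does not give one."""
    result = {}
    for zone, body in ZONE_RE.findall(named_conf):
        if not re.search(r'type\s+slave\s*;', body):
            continue
        m = MASTERS_RE.search(body)
        if not m:
            continue
        result[zone] = [(addr, int(port) if port else 53)
                        for addr, port in ADDR_RE.findall(m.group(1))]
    return result


def soa_primary(rr: str) -> str:
    """Return the MNAME (primary master name) of an SOA record given in
    presentation format, whether or not the TTL field is present."""
    fields = rr.split()
    return fields[fields.index("SOA") + 1]


if __name__ == "__main__":
    for zone, masters in slave_masters(SAMPLE_NAMED_CONF).items():
        for addr, port in masters:
            print(f"{zone}: master {addr} port {port} (from named.conf)")
    print(f"SOA MNAME: {soa_primary(SAMPLE_SOA)}")
```

The named.conf path yields addresses directly. The SOA path yields whatever name the zone's operator wrote into the MNAME field; it is a hostname, not an address, so it points at the real master only when the zone file says so.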