SRV records and cache poisoning (full)
Stefan Puiu
stefan.puiu at gmail.com
Wed Jun 8 05:35:45 UTC 2005
Ok, I'll try this once again, since one more email seems to have been
lost in outer space leaving from gmail...
On 6/7/05, Mark Andrews <Mark_Andrews at isc.org> wrote:
> Stub resolvers need to trust their caching servers to have
> anti-poisioning support. Stub resolvers don't have enough
> information to detect poisioning. This assumes DNSSEC is
> not available for the zone that is the target of the
> poisoning. If DNSSEC is available them the stub resolver
> can verify the answer.
>=20
So am I to understand that newer versions of BIND filter out
additional data in answers from authoritative nameservers when
following referrals? Not that I would want to rely on that, I'm just
curious.
More information about the bind-users
mailing list