What to do about HiNet cache poisoning?
Mark_Andrews at isc.org
Tue Apr 23 00:53:00 UTC 2002
It's time they got reported to law enforcement authorities.
Many people have sent them requests to cease and desist.
They continue to deliberately poison caches.
Mark
>
> Are you running a really old version of BIND 8? Later versions are pretty
> much immune to this form of cache poisoning, except, I understand, for
> certain pathological forwarding configurations. I think BIND 9 is
> completely immune.
>
> In the interim, you can always use "bogus" in a "server" clause, or the
> "blackhole" option, to protect yourself against HiNet's bogus claims of
> authority.
>
>
> - Kevin
>
> Rob van der Putten wrote:
>
> > Hi there
> >
> > I happened to stumble on this one yesterday;
> > sput:~$ soa in-addr.arpa.
> > in-addr.arpa SOA hntp1.hinet.net hostmaster.hinet.net (
> > 200204180 ;serial (version)
> > 21600 ;refresh period (6 hours)
> > 7200 ;retry interval (2 hours)
> > 3600000 ;expire time (5 weeks, 6 days, 16 hours)
> > 86400 ;default ttl (1 day)
> > )
> >
> > And this morning;
> > sput:~$ ns in-addr.arpa.
> > in-addr.arpa NS ipdns2.hinet.net
> > in-addr.arpa NS ipdns1.hinet.net
> >
> > HiNet is a notorious spammer. They actually send nothing but spam.
> > Apparently they branched out into cache poisoning.
> >
> > What I think happened is the following;
> > HiNet tries to deliver mail at my box.
> > My box does a reverse lookup on their IP address.
> > Their NS tells my NS that they are authoritative for in-addr.arpa and my
> > box is foolish enough to cache this data.
> >
> > Various variations on this theme are possible. What they all have in
> > common is a nameserver caching answers to questions it didn't ask.
> >
> > How can I tell my NS to ignore (don't cache) anything it didn't
> > specifically ask for?
> > Is this possible with Bind 8.x? Do I need Bind 9? Or do I need something
> > completely different?
> > And why doesn't Bind stick to what's in db.root instead of listening to
> > HiNet lies? The HiNet NS probably claims that their info is more recent.
> > But that doesn't make them more reliable.
> >
> > Regards,
> > Rob
> > --
> > +----------------------------------------------------------------------+
> > | Rob van der Putten, rob at sput.nl |
> > | http://www.sput.nl/spam-policy.html |
> > +----------------------------------------------------------------------+
>
>
--
Mark Andrews, Internet Software Consortium
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark.Andrews at isc.org
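
The rule Rob asks for in the quoted post (do not cache records for names outside the zone the answering server was queried for) can be sketched as a bailiwick check. This is an added example, not part of the original thread and not BIND's code; the zone cut, PTR owner, example.net names and the address are constructed, and only the HiNet host names come from the post.

```python
# Added illustration of a bailiwick check; a simplification, not BIND's code.

def normalize(name):
    """Lower-case a domain name and drop the trailing dot (root becomes '')."""
    return name.rstrip(".").lower()

def in_bailiwick(owner, zone_cut):
    """True if owner equals zone_cut or is a subdomain of it."""
    owner, zone_cut = normalize(owner), normalize(zone_cut)
    if zone_cut == "":
        return True  # a root server may speak for any name
    # The leading dot stops "notin-addr.arpa" from matching "in-addr.arpa".
    return owner == zone_cut or owner.endswith("." + zone_cut)

def filter_response(zone_cut, records):
    """Split (owner, type, rdata) records into (cacheable, rejected)."""
    cacheable, rejected = [], []
    for record in records:
        target = cacheable if in_bailiwick(record[0], zone_cut) else rejected
        target.append(record)
    return cacheable, rejected

# Constructed scenario: the resolver followed a delegation for
# 2.0.192.in-addr.arpa and asked that server for one PTR record.
SAMPLE_ZONE_CUT = "2.0.192.in-addr.arpa."
SAMPLE_RESPONSE = [
    ("1.2.0.192.in-addr.arpa.", "PTR", "mail.example.net."),
    ("2.0.192.in-addr.arpa.", "NS", "ns.example.net."),
    # Claims about the parent zone, as seen in the post: out of bailiwick.
    ("in-addr.arpa.", "NS", "ipdns1.hinet.net."),
    ("in-addr.arpa.", "NS", "ipdns2.hinet.net."),
    ("in-addr.arpa.", "SOA", "hntp1.hinet.net. hostmaster.hinet.net."),
    ("ipdns1.hinet.net.", "A", "192.0.2.53"),  # constructed address
]

if __name__ == "__main__":
    ok, dropped = filter_response(SAMPLE_ZONE_CUT, SAMPLE_RESPONSE)
    for rec in ok:
        print("cache ", rec)
    for rec in dropped:
        print("reject", rec)
```

Real resolvers combine this name-scope test with further checks; the sketch shows only why records for in-addr.arpa have no business being cached from a server reached through a narrower delegation.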