[H-GEN] dns problems
Jason Henry Parker
jasonp at uq.net.au
Tue Sep 4 09:04:00 EDT 2001
[ Humbug *General* list - semi-serious discussions about Humbug and ]
[ Unix-related topics. Please observe the list's charter. ]
[ Worthwhile understanding: http://www.humbug.org.au/netiquette.html ]
On Tue, Sep 04, 2001 at 09:50:23PM +1000, Bradley Marshall wrote:
> On Tue, Sep 04, 2001 at 08:12:00PM +1000, Jason Henry Parker wrote:
> > How does a low TTL (and this one _is_ ridiculously low) cause the
> > problems seen? The bind manpage says it's used for negative caching
> > and refers the reader to rfc 2308, which references rfc 1034.
> >
> > It's not clear to me how this problem comes about; how exactly is a
> > low default TTL exploited to wrest control of a record?
> There was apparently a bug in bind 8 that allowed cache
> poisoning if you use forwarders, and the low ttl on anz.com
> makes it is easier for this to happen.
Mmm, okay. I'm still not sure _how_, but it'll do.
> Sure, you could argue that the sites that are using forwarders
> are broken, but do you want to leave your domain at the mercies
> of people upgrading bind?
I'm not disputing your theory on how the records were hijacked; I'm
asking for more information on the mechanics (specifically, what can
J Random User do to avoid the problem).
--
||----|---|------------|--|-------|------|-----------|-#---|-|--|------||
| linux.conf.au 2002 call for papers relased! jasonp at uq.net.au |
| see http://linux.org.au/conf/ #soc.bi on OPN |
||--|--------|--------------|----|-------------|------|---------|-----|-|
--
* This is list (humbug) general handled by majordomo at lists.humbug.org.au .
* Postings to this list are only accepted from subscribed addresses of
* lists 'general' or 'general-post'.
More information about the General
mailing list