[H-GEN] dns problems

Jason Henry Parker jasonp at uq.net.au
Tue Sep 4 09:04:00 EDT 2001


[ Humbug *General* list - semi-serious discussions about Humbug and  ]
[ Unix-related topics.  Please observe the list's charter.           ]
[ Worthwhile understanding: http://www.humbug.org.au/netiquette.html ]

On Tue, Sep 04, 2001 at 09:50:23PM +1000, Bradley Marshall wrote:
> On Tue, Sep 04, 2001 at 08:12:00PM +1000, Jason Henry Parker wrote:
> > How does a low TTL (and this one _is_ ridiculously low) cause the
> > problems seen?  The bind manpage says it's used for negative caching
> > and refers the reader to rfc 2308, which references rfc 1034.
> >
> > It's not clear to me how this problem comes about; how exactly is a
> > low default TTL exploited to wrest control of a record?
> There was apparently a bug in bind 8 that allowed cache
> poisoning if you use forwarders, and the low ttl on anz.com
> makes it is easier for this to happen.

Mmm, okay.  I'm still not sure _how_, but it'll do.

> Sure, you could argue that the sites that are using forwarders
> are broken, but do you want to leave your domain at the mercies
> of people upgrading bind?

I'm not disputing your theory on how the records were hijacked; I'm
asking for more information on the mechanics (specifically, what can
J Random User do to avoid the problem).
-- 
||----|---|------------|--|-------|------|-----------|-#---|-|--|------||
| linux.conf.au 2002 call for papers relased!          jasonp at uq.net.au |
| see http://linux.org.au/conf/                          #soc.bi on OPN |
||--|--------|--------------|----|-------------|------|---------|-----|-|

--
* This is list (humbug) general handled by majordomo at lists.humbug.org.au .
* Postings to this list are only accepted from subscribed addresses of
* lists 'general' or 'general-post'.



More information about the General mailing list