[dns-operations] Description of the "Kashpureff-style DNS cache corruption attack"

Florian Weimer fw at deneb.enyo.de
Sun Nov 26 19:19:34 UTC 2006

* Peter Dambier:

> The real attack is a little bit more elaborate but the trick is:
> Ask for a domain where you control the nameservers and return
> glue records for a domain you are not really authoritative for.

I've figured out that much (and I've seen quite a few of the
"attacks", which looked more like configuration shortcuts to me).

But I don't see how BIND 9 in forward-only mode would care about glue.
Even if the resolver has got a wrong view of who's authoritative for
what, it shouldn't matter because all queries are sent through the
forwarders.  And they should know what they are doing.
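
The glue trick quoted above is usually countered on the resolver side by a bailiwick check: records whose owner name lies outside the zone the answering server was queried for are discarded rather than cached. The following sketch is an added example, not part of the original message and not BIND's code; the function names, zone names and addresses are constructed for illustration.

```python
# Added example: label-wise bailiwick check on records from a DNS response.
# All zone names, hosts and addresses are constructed sample data.

def labels(name):
    """Lower-case a domain name and split it into labels (root -> [])."""
    name = name.rstrip(".").lower()
    return name.split(".") if name else []

def in_bailiwick(owner, zone):
    """True if owner equals zone or is a subdomain of it."""
    o, z = labels(owner), labels(zone)
    # Compare whole labels, so "xattacker.example" is not inside "attacker.example".
    return len(o) >= len(z) and (not z or o[-len(z):] == z)

def filter_records(zone, records):
    """Split (owner, type, rdata) records into (accepted, rejected) for a
    response received from a server queried as authoritative for zone."""
    accepted, rejected = [], []
    for rec in records:
        (accepted if in_bailiwick(rec[0], zone) else rejected).append(rec)
    return accepted, rejected

# Constructed response from the name server of "attacker.example":
# one legitimate glue record and two records it has no authority over.
SAMPLE = [
    ("ns1.attacker.example.", "A", "192.0.2.53"),
    ("WWW.Victim.example.", "A", "192.0.2.66"),
    ("www.xattacker.example.", "A", "192.0.2.67"),
]

if __name__ == "__main__":
    ok, dropped = filter_records("attacker.example", SAMPLE)
    print("cache:  ", ok)
    print("discard:", dropped)
```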
