[dns-operations] Description of the "Kashpureff-style DNS cache corruption attack"

Peter Dambier peter at peter-dambier.de
Sun Nov 26 21:33:39 UTC 2006

Florian Weimer wrote:
> * Peter Dambier:
>>The real attack is a little bit more elaborate but the trick is:
>>Ask for a domain where you control the nameservers and return
>>glue records for a domain you are not really authoritative for.
> I've figured out that much (and I've seen quite a few of the
> "attacks", which looked more like configuration shortcuts to me).
> But I don't see how BIND 9 in forward-only mode would care about glue.
> Even if the resolver has got a wrong view of who's authoritative for
> what, it shouldn't matter because all queries are sent through the
> forwarders.  And they should know what they are doing.

It is the outside resolver that I would be careful about.

I am very fond of BIND 9.4.0b2 and I shall be trying b4 soon.

I have seen BIND 9 only caching things I queried for. No, I
don't think it is interested in the glue.

Kind regards
Peter and Karin

Peter and Karin Dambier
Cesidian Root - Radice Cesidiana
Rimbacher-Strasse 16
D-69509 Moerlenbach-Bonsweiher
+49(6209)795-816 (Telekom)
+49(6252)750-308 (VoIP: sipgate.de)
mail: peter at peter-dambier.de
mail: peter at echnaton.serveftp.com
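
The trick described in this thread (a server answering for its own domain while attaching records for a domain it is not authoritative for) is what a resolver's bailiwick check rejects. The following is an added example, not part of the original post and not BIND's code: a simplified model of that check, with the record type `RR`, the function names and all sample names and addresses constructed for illustration.

```python
from typing import NamedTuple

class RR(NamedTuple):
    section: str  # "answer", "authority" or "additional"
    name: str     # owner name
    rtype: str
    rdata: str

def norm(name: str) -> str:
    """Lower-case and drop the trailing root dot so comparisons are uniform."""
    return name.rstrip(".").lower()

def in_bailiwick(name: str, zone: str) -> bool:
    """True if name equals zone or sits below it, matched on label boundaries."""
    name, zone = norm(name), norm(zone)
    return zone == "" or name == zone or name.endswith("." + zone)

def filter_response(records, zone):
    """Return (kept, rejected) for a response from a server delegated for zone."""
    in_zone, rejected = [], []
    for rr in records:
        (in_zone if in_bailiwick(rr.name, zone) else rejected).append(rr)
    # Address records in the additional section are only cacheable as glue
    # when an accepted NS record actually points at them.
    ns_targets = {norm(rr.rdata) for rr in in_zone if rr.rtype == "NS"}
    kept = []
    for rr in in_zone:
        unreferenced = (rr.section == "additional"
                        and rr.rtype in ("A", "AAAA")
                        and norm(rr.name) not in ns_targets)
        (rejected if unreferenced else kept).append(rr)
    return kept, rejected

# Constructed response to a query for www.attacker.example, sent to the
# server delegated for attacker.example (documentation address ranges).
SAMPLE = [
    RR("answer", "www.attacker.example.", "A", "192.0.2.10"),
    RR("authority", "attacker.example.", "NS", "ns1.attacker.example."),
    RR("additional", "ns1.attacker.example.", "A", "192.0.2.53"),
    RR("additional", "www.victim.example.", "A", "203.0.113.66"),   # out of bailiwick
    RR("additional", "mail.attacker.example.", "A", "192.0.2.25"),  # not glue for any NS
]

if __name__ == "__main__":
    kept, rejected = filter_response(SAMPLE, "attacker.example")
    for rr in rejected:
        print("rejected:", rr.section, rr.name, rr.rtype, rr.rdata)
```
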
