[dns-operations] Description of the "Kashpureff-style DNS cache corruption attack"

Peter Dambier peter at peter-dambier.de
Sun Nov 26 21:51:58 UTC 2006

Paul Vixie wrote:
> i'm told that some/all versions of the microsoft recursive name server suffer
>>from the same problem.  and of course most BIND4 servers suffer from not only
> this problem but the original problem of being willing to cache the pollution
> and reuse it.  BIND9 and PowerDNS are fully regenerative, a requestor never
> hears anything that came from a remote authority server, every response is
> generated from the cache, and the cache is protected from pollution.

I have seen a problem with a server that is reported to run the microsoft

The box is running its own rootzone and several other zones and the box
is running as a resolver for a small group of people.

That box repeatedly "forgot" TLDs out of its rootzone. You could "dig axfr"
and veryfy. The box had got Alzheimer :)

Peter and Karin

Peter and Karin Dambier
Cesidian Root - Radice Cesidiana
Rimbacher-Strasse 16
D-69509 Moerlenbach-Bonsweiher
+49(6209)795-816 (Telekom)
+49(6252)750-308 (VoIP: sipgate.de)
mail: peter at peter-dambier.de
mail: peter at echnaton.serveftp.com

More information about the dns-operations mailing list