[dns-operations] the mathematics of kaminsky spoofing probability

Shane Kerr shane at ca.afilias.info
Mon Aug 4 09:29:02 UTC 2008


On Mon, 2008-08-04 at 14:44 +0700, Roland Dobbins wrote:
> On Aug 4, 2008, at 2:33 PM, Shane Kerr wrote:
> > The only real outcome that I see is to highlight the seriousness of  
> > the problem. (Or possibly to show that it is not very serious.)
> Situational awareness is a key (if not THE key) element of operational  
> security.  There is tremendous value in knowing if this is taking  
> place, and 'where'.  Not only ICMP unreachables should be monitored,  
> but query/response heuristics for NXDOMAIN, as well if at all possible.

I'm not going to disagree, but rather repeat my question:

What can the operator of an authoritative server do if the operator
detects someone trying to spoof queries on its server?


More information about the dns-operations mailing list