[dns-operations] DNS vulnerability: lowering risks by forwarding?
gilles.massen at restena.lu
Thu Jul 10 09:32:10 UTC 2008
Lutz Donnerhacke wrote:
> * Gilles Massen wrote:
> > A very practical question: would a (potentially open) resolver be less at
> > risk if it forwarded all the queries to a 'good' resolver?
> If you control the last mile between the vulnerable and the patched
> resolver (especially against spoofing): Yes, this is a workaround.
Thanks! The last mile is reasonably spoofing proof, except possibly from
client machines on the same subnet as the vulnerable resolvers. But these
would have much more powerful weapons anyway...
More information about the dns-operations