[dns-operations] CERT VU#800113 Multiple DNS implementations vulnerable to cache poisoning

[Paul Vixie]

> > If BCP38 were implemented Internet-wide, how exactly would you poison
> > a recursive name server?
> 
> spoofing is utterly and completely irrelevant to poisoning a nameserver.
> please show how it is at all needed.

whoa.  same planet, different worlds.  did you read amit klein's papers?
did you read forgery-resilience?  it is necessary, in order to get a cache
to accept something, to correctly match its expectation in the tuple
<servaddr,cliport,qname,qclass,qtype,qid> for some outstanding query that
it has made and is waiting an answer to.  i know of no way to match this
tuple with an attack-o-gram unless i can spoof <servaddr>.  that's how
cache poisoning works.  that's how it's always worked.


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.