[dns-operations] CERT VU#800113 Multiple DNS implementations vulnerable to cache poisoning

Paul Vixie vixie at isc.org
Fri Jul 11 14:17:22 UTC 2008

> > If BCP38 were implemented Internet-wide, how exactly would you poison
> > a recursive name server?
> spoofing is utterly and completely irrelevant to poisoning a nameserver.
> please show how it is at all needed.

whoa.  same planet, different worlds.  did you read amit klein's papers?
did you read forgery-resilience?  it is necessary, in order to get a cache
to accept something, to correctly match its expectation in the tuple
<servaddr,cliport,qname,qclass,qtype,qid> for some outstanding query that
it has made and is waiting an answer to.  i know of no way to match this
tuple with an attack-o-gram unless i can spoof <servaddr>.  that's how
cache poisoning works.  that's how it's always worked.

This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

More information about the dns-operations mailing list