[dns-operations] CERT VU#800113 Multiple DNS implementations vulnerable to cache poisoning

Lutz Donnerhacke lutz at iks-jena.de
Fri Jul 11 14:37:07 UTC 2008


* Paul Vixie wrote:
> whoa.  same planet, different worlds.  did you read amit klein's papers?
> did you read forgery-resilience?  it is necessary, in order to get a cache
> to accept something, to correctly match its expectation in the tuple
> <servaddr,cliport,qname,qclass,qtype,qid> for some outstanding query that
> it has made and is waiting an answer to.  i know of no way to match this
> tuple with an attack-o-gram unless i can spoof <servaddr>.  that's how
> cache poisoning works.  that's how it's always worked.

You can mount several attacks from your own authoritative nameserver. It's
tricky to convince the resolver to believe in data outside your zone, but
think about the problems we had with (erroneous) lame delegation.
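
Added example, not part of the original post and not taken from any resolver's code: a sketch of the acceptance check implied by the tuple quoted above, followed by a bailiwick filter that drops records outside the zone the answering server was asked about. The class and function names, the `reply` dict layout, and all sample values are assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Outstanding:
    """The expectation a cache holds for one query it has sent."""
    servaddr: str
    cliport: int
    qname: str
    qclass: str
    qtype: str
    qid: int

def norm(name: str) -> str:
    """Lower-case a DNS name and drop the trailing dot for comparison."""
    return name.rstrip(".").lower()

def matches(q: Outstanding, src: str, dport: int, qname: str,
            qclass: str, qtype: str, qid: int) -> bool:
    """True only if every field of the reply matches the outstanding query."""
    return (src == q.servaddr and dport == q.cliport and
            norm(qname) == norm(q.qname) and qclass == q.qclass and
            qtype == q.qtype and qid == q.qid)

def in_bailiwick(owner: str, zone: str) -> bool:
    """True if owner is the zone apex or a name below it."""
    o, z = norm(owner), norm(zone)
    return z == "" or o == z or o.endswith("." + z)

def accept(q: Outstanding, zone: str, reply: dict) -> list:
    """Return the records a cache would keep from a reply, or [] if rejected.

    reply holds the header fields plus a list of (owner, type, data) records.
    zone is the zone the queried server is authoritative for (assumed known).
    """
    if not matches(q, reply["src"], reply["dport"], reply["qname"],
                   reply["qclass"], reply["qtype"], reply["qid"]):
        return []
    return [rr for rr in reply["records"] if in_bailiwick(rr[0], zone)]

# Constructed sample data (documentation addresses and example names).
Q = Outstanding("192.0.2.53", 40123, "www.example.net.", "IN", "A", 0x1A2B)
REPLY = {"src": "192.0.2.53", "dport": 40123, "qname": "WWW.example.net.",
         "qclass": "IN", "qtype": "A", "qid": 0x1A2B,
         "records": [("www.example.net.", "A", "192.0.2.80"),
                     ("example.net.", "NS", "ns1.example.net."),
                     ("www.example.org.", "A", "192.0.2.66")]}
```
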


