[dns-operations] CERT VU#800113 Multiple DNS implementations vulnerable to cache poisoning
Patrick W. Gilmore
patrick at ianai.net
Fri Jul 11 15:28:43 UTC 2008
On Jul 11, 2008, at 10:03 AM, Lutz Donnerhacke wrote:
> * Patrick W. Gilmore wrote:
>> I know people think I am being silly these days, but I have another
>> silly question: If BCP38 were implemented Internet-wide, how exactly
>> would you poison a recursive name server?
>
> From inside the AS, i.e. from the LAN.
>
First, LAN != AS. If I have a server on the same _LAN_ as yours, you
have other problems.
Second, BCP38 does not say "only filter at your AS boundary"?
uRPF is much more granular than that.
--
TTFN,
patrick
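
The following is an added example, not part of the original message: a small model of the difference between source-address filtering applied only at the AS boundary and a strict uRPF check on every router interface. The topology, interface names and addresses (documentation prefixes) are constructed assumptions.

```python
import ipaddress

# Constructed topology (documentation prefixes): one AS, one access router.
FIB = [  # (prefix, interface used to reach it)
    ("0.0.0.0/0", "upstream"),
    ("192.0.2.0/26", "lan1"),   # the resolver's LAN
    ("192.0.2.64/26", "lan2"),  # another LAN inside the same AS
]
AS_PREFIX = ipaddress.ip_network("192.0.2.0/24")
RESOLVER = "192.0.2.10"
AUTH_NS = "198.51.100.53"  # stands in for a remote authoritative server


def best_route(addr):
    """Longest-prefix match: interface the router would use to reach addr."""
    ip = ipaddress.ip_address(addr)
    nets = [(ipaddress.ip_network(p), ifc) for p, ifc in FIB]
    return max((n for n in nets if ip in n[0]), key=lambda n: n[0].prefixlen)[1]


def urpf_strict(src, ingress):
    """Strict uRPF: accept only if the route back to src is the ingress interface."""
    return best_route(src) == ingress


def border_filter(src, ingress, dst):
    """Filtering at the AS boundary only: sees just the packets that cross it."""
    inside = ipaddress.ip_address(src) in AS_PREFIX
    if ingress == "upstream":          # entering the AS
        return not inside
    if best_route(dst) == "upstream":  # leaving the AS
        return inside
    return True                        # internal traffic is never checked


def verdicts(src, ingress, dst):
    """True means the packet is accepted by that filtering placement."""
    return {"border_only": border_filter(src, ingress, dst),
            "urpf_per_interface": urpf_strict(src, ingress)}


# Constructed packets: (claimed source, ingress interface, destination)
PACKETS = {
    "genuine answer from outside": (AUTH_NS, "upstream", RESOLVER),
    "forged answer from lan2": (AUTH_NS, "lan2", RESOLVER),
    "honest query from lan2": ("192.0.2.70", "lan2", RESOLVER),
}
for name, pkt in PACKETS.items():
    print(f"{name:28} {verdicts(*pkt)}")
```

A packet sent from a host on lan1 itself never traverses the router, so neither check in this model sees it.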