[dns-operations] AT&T DNS Cache Poisoning?

Florian Weimer fw at deneb.enyo.de
Sun Oct 28 21:32:04 UTC 2012


* Stephane Bortzmeyer:

> On Sun, Oct 28, 2012 at 02:22:04AM -0400,
>  Paul Wouters <paul at cypherpunks.ca> wrote 
>  a message of 20 lines which said:
>
>> You missed the announcement of the 450 million downloads by iOS6 of
>> the IANA root key?
>
> Poisoning the cache of a one-user iPhone is fun but less useful than
> poisoning the caches of AT&T, Verizon or Comcast...

If that was the case, we wouldn't have deployed DNSSEC, but reduced
the impact of cache poisoning. 8-/

(You could reuse the same upstream response for X downstream
responses, requery upstream if that limit is reached, and double the
limit each time the upstream response matches what you've seen before,
otherwise you fall back to the start limit.)
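
The reuse-limit scheme from the parenthetical above, as an added example that is not part of the original message: it models a cache that counts downstream responses per upstream answer and shows how many clients receive one forged upstream response. The class and function names, the scripted upstream and the addresses are constructed for illustration; TTL handling and real DNS I/O are left out.

```python
# Added illustration of the reuse-limit idea; not code from the thread.
from dataclasses import dataclass

@dataclass
class Entry:
    answer: str   # last upstream answer (an RRset in a real resolver)
    limit: int    # downstream responses allowed before the next requery
    served: int   # downstream responses already given from this answer

class ReuseLimitedCache:
    def __init__(self, upstream, start_limit=1):
        self.upstream = upstream          # hypothetical callable: name -> answer
        self.start_limit = start_limit
        self.entries = {}
        self.upstream_queries = 0

    def resolve(self, name):
        entry = self.entries.get(name)
        if entry and entry.served < entry.limit:
            entry.served += 1             # reuse the stored upstream response
            return entry.answer
        self.upstream_queries += 1        # limit reached (or first query): requery
        fresh = self.upstream(name)
        if entry and fresh == entry.answer:
            limit = entry.limit * 2       # upstream agrees with what we saw: double
        else:
            limit = self.start_limit      # changed or new answer: back to the start limit
        self.entries[name] = Entry(fresh, limit, 1)
        return fresh

GOOD, FORGED = "192.0.2.1", "203.0.113.66"   # constructed documentation addresses

def scripted_upstream(script):
    """Constructed upstream: returns the scripted answers in order, then repeats the last."""
    answers, last = iter(script), [None]
    def query(_name):
        last[0] = next(answers, last[0])
        return last[0]
    return query

def simulate(script, downstream_queries, start_limit=1):
    cache = ReuseLimitedCache(scripted_upstream(script), start_limit)
    served = [cache.resolve("www.example.com") for _ in range(downstream_queries)]
    return served, cache.upstream_queries

if __name__ == "__main__":
    served, queries = simulate([GOOD, GOOD, GOOD, FORGED, GOOD], 12)
    print(served.count(FORGED), "forged of", len(served), "responses;", queries, "upstream queries")
```

In this model a forged answer accepted at a requery is handed out at most `start_limit` times before the next upstream query, unless that next upstream response repeats the forgery, in which case the limit doubles for it as well.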


