Re: Tinydns - cache poisoning?
* Stephen Vaughan:
> Does anyone know if TinyDNS is vulnerable to the dns cache poisoning
> exploit? I run tinydns servers, I ran the test below and it came back as
tinydns as in djbdns? dnscache (the iterative resolver component of
djbdns) uses source port randomization, so no code changes are required.
> mh1:~# dig +short @ns1.example.com porttest.dns-oarc.net TXT
> "126.96.36.199 is POOR: 26 queries in 4.4 seconds from 1 ports with std dev 0.00"
This should not happen with dnscache. Perhaps you're behind a
not-so-transparent DNS proxy, and you're actually testing your ISP's