Re: Tinydns - cache poisoning?
Stephen Vaughan wrote:
I was querying my tinydns remotely which was using bind locally. When
I ran the dig command on the box itself (which uses the local
dnscache) it didn't return anything.
Who is resolving the external domains? Does your TinyDNS have forwarders?
If your answer is yes, you are testing your forwarders. I had many
forwarders, now I have OpenDNS servers only.
So looks like it's all clear..
On Wed, Jul 30, 2008 at 3:06 PM, Florian Weimer <firstname.lastname@example.org> wrote:
* Stephen Vaughan:
> Does anyone know if TinyDNS is vulnerable to the dns cache poisoning
> exploit? I run tinydns servers, I ran the test below and it came
tinydns as in djbdns? dnscache (the iterative resolver component of
djbdns) uses source port randomization, so no code changes are
> mh1:~# dig +short @ns1.example.com porttest.dns-oarc.net TXT
> "22.214.171.124 is POOR: 26 queries in 4.4 seconds from 1 ports with std dev 0.00"
This should not happen with dnscache. Perhaps you're behind a
not-so-transparent DNS proxy, and you're actually testing your ISP's
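
An added example, not part of the original thread: a Python sketch that parses the porttest TXT answer quoted above and computes the same two figures (distinct ports, standard deviation) from a list of source ports seen in your own packet capture. The helper names, the constructed port lists and the choice of population standard deviation are assumptions.

```python
import re
import statistics

# Layout of the TXT answer quoted in the thread (porttest.dns-oarc.net).
RESULT_RE = re.compile(
    r'(?P<resolver>[^\s"]+) is (?P<rating>[A-Z]+): (?P<queries>\d+) queries in '
    r"(?P<seconds>[\d.]+) seconds from (?P<ports>\d+) ports "
    r"with std dev (?P<stddev>\d+(?:\.\d+)?)"
)


def parse_porttest(txt):
    """Parse one porttest TXT string into a dict, or return None."""
    m = RESULT_RE.search(txt)
    if not m:
        return None
    out = m.groupdict()
    for key in ("queries", "ports"):
        out[key] = int(out[key])
    for key in ("seconds", "stddev"):
        out[key] = float(out[key])
    return out


def port_spread(source_ports):
    """Distinct-port count and population std dev of observed source ports."""
    return len(set(source_ports)), statistics.pstdev(source_ports)


def diagnose(result):
    """Hypothetical helper: turn a parsed result into a next step."""
    if result["ports"] == 1:
        return ("fixed source port: the address shown is the resolver (or NAT/"
                "proxy) that reached the test server; check whether it is yours")
    if result["rating"] == "POOR":
        return "few source ports: look for a port-rewriting device in the path"
    return "source ports vary: randomization is visible from outside"


# Constructed samples: the line from the thread and two made-up port captures.
THREAD_LINE = ('"22.214.171.124 is POOR: 26 queries in 4.4 seconds '
               'from 1 ports with std dev 0.00"')
FIXED = [32768] * 26
RANDOMIZED = [1025 + (i * 7919) % 64000 for i in range(26)]

if __name__ == "__main__":
    parsed = parse_porttest(THREAD_LINE)
    print(parsed, diagnose(parsed), sep="\n")
    print(port_spread(FIXED), port_spread(RANDOMIZED))
```

Comparing the `resolver` address in the answer with the address of your own dnscache host shows which resolver the test actually measured.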