Re: Tinydns - cache poisoning?
Quoting Stephen Vaughan (stephenvaughan@gmail.com):
> Does anyone know if TinyDNS is vulnerable to the dns cache poisoning
> exploit?
The Kaminsky-publicised attack method applies _only_ to caching
recursive-resolver nameservers: tinydns is an authoritative-only DNS
daemon, not a recursive resolver. (DJB's caching recursive-resolver
module is dnscache, which was protected by his far-sighted decision to
randomise source ports -- which has of course been vindicated by recent
news.)
Notes on Linux-relevant nameservers in my bestiary of same might be
useful to you: "DNS Servers" on http://linuxmafia.com/kb/Network_Other/
Reply to: