Re: Tinydns - cache poisoning?

Quoting Stephen Vaughan (stephenvaughan@gmail.com):

> Does anyone know if TinyDNS is vulnerable to the dns cache poisoning
> exploit? 

The Kaminsky-publicised attack method applies _only_ to caching
recursive-resolver nameservers:  tinydns is an authoritative-only DNS
daemon, not a recursive resolver.  (DJB's caching recursive-resolver
module is dnscache, which was protected by his far-sighted decision to 
randomise source ports -- which has of course been vindicated by recent 

Notes on Linux-relevant nameservers in my bestiary of same might be
useful to you:  "DNS Servers" on http://linuxmafia.com/kb/Network_Other/ 
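
An added example, not part of the original message: the authoritative-only versus recursive distinction drawn above shows up in the header flags of a DNS reply, so an administrator can check which role a server plays toward a given client. The function names and the sample packets are constructed for illustration; sending the query to a real server is left out so the block runs offline.

```python
import struct

# Header flag masks from RFC 1035 section 4.1.1
QR, AA, RD, RA = 0x8000, 0x0400, 0x0100, 0x0080

def encode_question(name, qtype=1):
    """Encode a question section: QNAME, QTYPE, QCLASS=IN."""
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels)
    return qname + b"\x00" + struct.pack("!HH", qtype, 1)

def build_query(txid, name):
    """Build a query with RD set, so a server willing to recurse says so."""
    return struct.pack("!HHHHHH", txid, RD, 1, 0, 0, 0) + encode_question(name)

def classify_response(packet, expected_txid):
    """Classify a reply by its header flags alone."""
    if len(packet) < 12:
        raise ValueError("shorter than a DNS header")
    txid, flags = struct.unpack("!HH", packet[:4])
    if txid != expected_txid:
        raise ValueError("transaction ID does not match the query")
    if not flags & QR:
        raise ValueError("not a response")
    if flags & RA:
        return "recursive"            # offers recursion to this client
    if flags & AA:
        return "authoritative-only"   # answers only from its own zone data
    return "no-recursion"             # e.g. a refusal or a referral

def sample_reply(txid, flags, name="example.org"):
    """Constructed reply: header plus echoed question, no answer records."""
    return struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0) + encode_question(name)

if __name__ == "__main__":
    # Constructed flag combinations, not captured traffic
    for label, flags in [("AA set, RA clear", QR | AA | RD),
                         ("RA set", QR | RD | RA),
                         ("REFUSED, RA clear", QR | RD | 5)]:
        print(label, "->", classify_response(sample_reply(7, flags), 7))
```

The RA bit only reports what the server offers to the client that asked; a resolver that restricts recursion by source address can look non-recursive from outside its allowed networks.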

