On Wed, Apr 28, 2010 at 11:59:11AM -0400,
 Kevin Darcy <k...@chrysler.com> wrote 
 a message of 21 lines which said:

> I know of no such feature. What do you mean by "spoofed" anyway? How
> would you expect named to detect "spoofing", and is that its job?

It seems (not tested by me) that Nominum CNS does that: when many
responses arrive which do not match (src IP address, query ID, etc.)
any pending answer, it switches to TCP, assuming someone tries to
poison it.
 
This is supposed to be a protection against the Kaminsky attack.
_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
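
An added sketch of the behaviour described in the message above: count UDP responses that match no pending query, then fall back to TCP for that name. It is not part of the original post and is not Nominum CNS or BIND code. The class name, the threshold of 3 and matching on the local port are assumptions for illustration.

```python
from collections import namedtuple

# Fields a resolver can check on an incoming UDP response (constructed model).
Response = namedtuple("Response", "src_ip dst_port query_id qname")

class SpoofGuard:
    """Hypothetical tracker: counts responses that match no pending query."""

    def __init__(self, threshold=3):          # threshold is an assumed value
        self.threshold = threshold
        self.pending = {}      # (server_ip, local_port, query_id) -> qname
        self.mismatches = {}   # qname -> unmatched responses seen so far
        self.tcp_only = set()  # names that must be resolved over TCP

    def send_query(self, server_ip, local_port, query_id, qname):
        qname = qname.lower()
        if qname in self.tcp_only:
            return "tcp"       # answer arrives on the TCP connection instead
        self.pending[(server_ip, local_port, query_id)] = qname
        return "udp"

    def on_udp_response(self, r):
        qname = r.qname.lower()
        key = (r.src_ip, r.dst_port, r.query_id)
        if self.pending.get(key) == qname:
            del self.pending[key]
            self.mismatches.pop(qname, None)
            return "accept"
        if qname not in self.pending.values():
            return "drop"      # nothing outstanding for this name
        self.mismatches[qname] = self.mismatches.get(qname, 0) + 1
        if self.mismatches[qname] < self.threshold:
            return "drop"
        # Too many near misses: cancel the UDP query so a later lucky guess
        # cannot be accepted, and make the caller retry over TCP.
        self.pending = {k: v for k, v in self.pending.items() if v != qname}
        self.tcp_only.add(qname)
        return "fallback_tcp"

def demo():
    """Constructed traffic: one real query, then forged responses with guessed IDs."""
    g = SpoofGuard(threshold=3)
    out = [g.send_query("192.0.2.53", 40000, 0x1A2B, "www.example.com")]
    for guess in (0x0001, 0x0002, 0x0003, 0x1A2B):
        out.append(g.on_udp_response(
            Response("192.0.2.53", 40000, guess, "www.example.com")))
    out.append(g.send_query("192.0.2.53", 40001, 0x3C4D, "www.example.com"))
    return out
```

In the constructed run, the fourth forged packet carries the correct query ID but is still dropped, because the UDP query was cancelled when the fallback triggered.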
