In article <mailman.1323.1272653060.21153.bind-us...@lists.isc.org>, Stephane Bortzmeyer <bortzme...@nic.fr> wrote:
> On Wed, Apr 28, 2010 at 11:59:11AM -0400, > Kevin Darcy <k...@chrysler.com> wrote > a message of 21 lines which said: > > > I know of no such feature. What do you mean by "spoofed" anyway? How > > would you expect named to detect "spoofing", and is that its job? > > It seems (not tested by me) that Nominum CNS does that: when many > responses arrive which do not match (src IP address, query ID, etc) > any pending answer, it switches to TCP, assuming someone tries to > poison it. > > This is supposed to be a protection against the Kaminsky attack. Interesting. "Switches" by what means? Returns TC responses to all UDP queries? Just for particular clients or particular domains? Is this documented at all (yes, I'm too lazy to Google :-) ). Sam _______________________________________________ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users