In article <mailman.1323.1272653060.21153.bind-us...@lists.isc.org>,
 Stephane Bortzmeyer <bortzme...@nic.fr> wrote:

> On Wed, Apr 28, 2010 at 11:59:11AM -0400,
>  Kevin Darcy <k...@chrysler.com> wrote 
>  a message of 21 lines which said:
> 
> > I know of no such feature. What do you mean by "spoofed" anyway? How
> > would you expect named to detect "spoofing", and is that its job?
> 
> It seems (not tested by me) that Nominum CNS does that: when many
> responses arrive which do not match (src IP address, query ID, etc)
> any pending answer, it switches to TCP, assuming someone tries to
> poison it.
>  
> This is supposed to be a protection against the Kaminsky attack.

Interesting.  "Switches" by what means?  Returns TC responses to all UDP 
queries?  Just for particular clients or particular domains?  Is this 
documented at all (yes, I'm too lazy to Google :-) ).

Sam
_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Reply via email to