On Wed, May 05, 2010 at 09:35:38AM +0100, Sam Wilson <sam.wil...@ed.ac.uk> wrote a message of 22 lines which said:
> > It seems (not tested by me) that Nominum CNS does that: when many
> > responses arrive which do not match (src IP address, query ID, etc)
> > any pending answer, it switches to TCP, assuming someone tries to
> > poison it.
> >
> > This is supposed to be a protection against the Kaminsky attack.
>
> Interesting. "Switches" by what means?

I don't understand the question. When detecting an attack, CNS decides to query the authoritative name servers with TCP instead of querying with UDP as it does by default, that's all.

> Returns TC responses to all UDP queries?

Why would it do that? The stub resolvers would not know what to do with it.

> Just for particular clients or particular domains? Is this
> documented at all

I don't know.