In article <mailman.1395.1273052339.21153.bind-us...@lists.isc.org>, Stephane Bortzmeyer <bortzme...@nic.fr> wrote:
> On Wed, May 05, 2010 at 09:35:38AM +0100, > Sam Wilson <sam.wil...@ed.ac.uk> wrote > a message of 22 lines which said: > > > > It seems (not tested by me) that Nominum CNS does that: when many > > > responses arrive which do not match (src IP address, query ID, etc) > > > any pending answer, it switches to TCP, assuming someone tries to > > > poison it. > > > > > > This is supposed to be a protection against the Kaminsky attack. > > > > Interesting. "Switches" by what means? > > I don't understand the question. When detecting an attack, CNS decides > to query the authoritative name servers with TCP instead of querying > with UDP as it does by default, that's all. Yeah - I misunderstood the original description and had in my mind CNS getting spoofed responses and causing the original querier to retry with TCP. I understand now. Thanks, Sam _______________________________________________ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
