If we talk about checking after suspected poisoning, my best idea is:
dump the cache, then flush the cache and do the lookups again and
compare to the cache-dump. Any difference is suspicious and should be
looked closer upon.
The cure is BTW also to flush the cache of the fake info.
Remember that it is only the resolving server, that gets poisoned, the
authoritative server does not ask questions and can not be poisoned with
false replies.
Remember to use best practises to avoid poisoning anyway.
On 26/10/10 10:19, Matus UHLAR - fantomas wrote:
> On 25.10.10 16:39, The Doctor wrote:
>> My question is how can you detect if a DSN / Domain name
>> has been 'poisoned'?
> quitye hard if it's already been done. You can see what it contains and
> compare it with what is should contain, but you never know if the incorrect
> data didn't come from misconfigured server.
>
--
Best regards
Sten Carlsen
No improvements come from shouting:
"MALE BOVINE MANURE!!!"
_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
