Re: Why *can* cached DNS replies be overwritten?

Paul Vixie <vixie@isc.org> Tue, 12 August 2008 17:14 UTC

From: Paul Vixie <vixie@isc.org>
To: Olafur Gudmundsson <ogud@ogud.com>
cc: "Jay R. Ashworth" <jra@baylink.com>, namedroppers@psg.com
In-Reply-To: Your message of "Mon, 11 Aug 2008 20:32:48 -0400." <200808120032.m7C0WqNc078602@stora.ogud.com>
References: <20080811190427.GD9082@cgi.jachomes.com> <200808120032.m7C0WqNc078602@stora.ogud.com>
X-Mailer: MH-E 8.0.3; nil; GNU Emacs 22.2.1
Date: Tue, 12 Aug 2008 17:08:15 +0000
Message-ID: <16599.1218560895@nsa.vix.com>
Subject: Re: Why *can* cached DNS replies be overwritten?
Sender: owner-namedroppers@ops.ietf.org
Precedence: bulk
List-ID: <namedroppers.ops.ietf.org>

nonreplacement of RRsets is not a general fix.  there are plenty of Kaminsky
message patterns that rely only on insertion of new data.  so while i'm having
great fun with just reducing the TTL when a replacement is attempted,
especially with NS RRsets, it doesn't make me safe.



--
to unsubscribe send a message to namedroppers-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/namedroppers/>
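The point of the message above, shown as an added example rather than anything Paul Vixie or the list posted: a toy resolver-cache model that applies three acceptance policies (plain replacement, no replacement, and "keep but cut the TTL on a replacement attempt") to two forged-response patterns. The first pattern tries to overwrite an NS RRset that is already cached; the second inserts an NS RRset for a child name the cache has never seen. The names (example.com., ns.attacker.test.), the halving rule for the TTL cut, and the simplified bailiwick check are this example's assumptions, and the model deliberately does not simulate the transaction-ID race: it only shows what each policy does with an in-bailiwick RRset once a forged reply has been accepted.

```python
"""Toy resolver-cache model (added example, not list code) comparing three cache
policies against two forged-response patterns: overwriting an RRset that is
already cached, and inserting an RRset whose (name, type) is not cached yet."""
from dataclasses import dataclass
from enum import Enum
from typing import Optional


class Policy(Enum):
    REPLACE = "replace"        # newer in-bailiwick data overwrites the cached RRset
    NO_REPLACE = "no_replace"  # cached RRset is kept until it expires
    TTL_REDUCE = "ttl_reduce"  # cached RRset is kept, its TTL is cut on each replacement attempt


@dataclass
class RRset:
    name: str         # owner name, e.g. "example.com."
    rtype: str        # "NS", "A", ...
    rdata: frozenset  # set of RR data strings
    ttl: int


# Constructed sample data (assumed names): a legitimate delegation already in
# cache, and two forged RRsets an attacker could carry in a reply for some
# name under example.com.
GOOD_NS = RRset("example.com.", "NS", frozenset({"ns1.example.com."}), 86400)
FORGED_NS = RRset("example.com.", "NS", frozenset({"ns.attacker.test."}), 86400)
FORGED_CHILD_NS = RRset("www.example.com.", "NS", frozenset({"ns.attacker.test."}), 86400)


def in_bailiwick(record_name: str, zone: str) -> bool:
    """Simplified bailiwick rule: accept data only at or below the zone the query went to."""
    return record_name == zone or record_name.endswith("." + zone)


class Cache:
    def __init__(self, policy: Policy) -> None:
        self.policy = policy
        self.entries: dict[tuple[str, str], RRset] = {}

    def offer(self, rrset: RRset, query_zone: str) -> str:
        """Apply the cache policy to one RRset from a response; return what happened."""
        if not in_bailiwick(rrset.name, query_zone):
            return "rejected:bailiwick"
        key = (rrset.name, rrset.rtype)
        cached = self.entries.get(key)
        if cached is None:
            # None of the policies is consulted here: a (name, type) that is not
            # cached yet is simply inserted, whatever the policy says about replacement.
            self.entries[key] = rrset
            return "inserted"
        if cached.rdata == rrset.rdata:
            cached.ttl = max(cached.ttl, rrset.ttl)
            return "refreshed"
        if self.policy is Policy.REPLACE:
            self.entries[key] = rrset
            return "replaced"
        if self.policy is Policy.TTL_REDUCE:
            cached.ttl = max(1, cached.ttl // 2)  # halving is this example's assumed rule
            return "kept:ttl_reduced"
        return "kept"

    def closest_delegation(self, qname: str) -> Optional[RRset]:
        """Return the NS RRset a resolver would use next for qname (longest matching suffix)."""
        labels = qname.rstrip(".").split(".")
        for i in range(len(labels)):
            rr = self.entries.get((".".join(labels[i:]) + ".", "NS"))
            if rr is not None:
                return rr
        return None


def replacement_attempt(policy: Policy) -> tuple:
    """Forged reply tries to overwrite the cached example.com NS RRset.
    Returns (outcome, poisoned, remaining TTL of the example.com NS RRset)."""
    cache = Cache(policy)
    cache.offer(GOOD_NS, "example.com.")
    outcome = cache.offer(FORGED_NS, "example.com.")
    cur = cache.entries[("example.com.", "NS")]
    return outcome, cur.rdata == FORGED_NS.rdata, cur.ttl


def insertion_attempt(policy: Policy) -> tuple:
    """Forged reply carries an NS RRset for a child name that was never cached.
    Returns (outcome, poisoned); poisoned means a later www.example.com lookup
    would now be sent to the attacker's server."""
    cache = Cache(policy)
    cache.offer(GOOD_NS, "example.com.")
    outcome = cache.offer(FORGED_CHILD_NS, "example.com.")
    deleg = cache.closest_delegation("www.example.com.")
    return outcome, deleg is not None and deleg.rdata == FORGED_CHILD_NS.rdata


if __name__ == "__main__":
    for p in Policy:
        print(p.value, "replacement:", replacement_attempt(p), "insertion:", insertion_attempt(p))
```

Running it shows the asymmetry the message is about: NO_REPLACE and TTL_REDUCE both keep the genuine example.com NS RRset when a forged replacement arrives (TTL_REDUCE at the cost of halving its remaining TTL), but every policy accepts the forged www.example.com NS RRset because nothing was cached under that key, so the next lookup for that name is sent to the attacker's server.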