Re: Resolver problems
On Thu, 3 Dec 2009, Ingolf Steinbach wrote:
> >> 2) Re-writing the source port number of the faulty UDP packets.
> > I am curious how any DNS client would use a response from it. It
> > should not be trusted.
> The DNS client would not be able to detect that the source port was
> "corrected", would it?
It should detect it. It is a sign of spoofed data. For example, dig (as
a client) would complain, like:
;; reply from unexpected source: 10.10.2.6#10028, expected 10.10.2.7#53
And BIND 9.6 (as a client) would ignore it (not use it). It doesn't log
to prevent a potential DoS. (BIND 4 and 8 did have a message like
"Response from unexpected source".)
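The check the reply describes, as an added example that is not part of this thread or of BIND: a stub resolver compares the source address and port of a UDP reply with the address and port it sent the query to, and discards anything that does not match (dig's "reply from unexpected source"). The example goes a little beyond the post and also applies the other sanity checks a resolver performs before trusting a reply (matching transaction ID, QR bit set, question section identical to the one sent). The DNS messages, the 10.10.2.x addresses and the port numbers are constructed for the example; nothing is sent on the network.

```python
import struct


def build_query(qid: int, name: str, qtype: int = 1) -> bytes:
    """Minimal DNS query: 12-byte header (RD set) plus one IN question."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(
        bytes([len(label)]) + label.encode("ascii")
        for label in name.rstrip(".").split(".")
    ) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)


def question_section(msg: bytes) -> bytes:
    """Return the raw question section (QNAME + QTYPE + QCLASS) of a message."""
    pos = 12
    while pos < len(msg) and msg[pos] != 0:
        pos += msg[pos] + 1          # skip one label
    pos += 1 + 4                      # terminating zero byte, QTYPE, QCLASS
    if pos > len(msg):
        raise ValueError("truncated question section")
    return msg[12:pos]


def build_answer(query: bytes, ipv4: str) -> bytes:
    """Constructed reply: same ID, QR/RD/RA set, question echoed, one A record."""
    header = query[:2] + struct.pack("!HHHHH", 0x8180, 1, 1, 0, 0)
    rr = (b"\xc0\x0c"                            # name: pointer to QNAME at offset 12
          + struct.pack("!HHIH", 1, 1, 60, 4)    # type A, class IN, TTL 60, RDLENGTH 4
          + bytes(int(o) for o in ipv4.split(".")))
    return header + question_section(query) + rr


def check_reply(query: bytes, expected_src: tuple, reply: bytes, reply_src: tuple):
    """
    Decide whether a UDP reply may be used as the answer to `query`.
    expected_src / reply_src are (address, port) tuples as returned by
    socket.recvfrom(). Returns (accepted, reason). The first check is the
    source match that dig reports as "reply from unexpected source".
    """
    if reply_src != expected_src:
        return False, ("reply from unexpected source: %s#%d, expected %s#%d"
                       % (reply_src[0], reply_src[1],
                          expected_src[0], expected_src[1]))
    if len(reply) < 12:
        return False, "short reply"
    if reply[:2] != query[:2]:
        return False, "transaction id mismatch"
    if not reply[2] & 0x80:
        return False, "QR bit not set (not a response)"
    try:
        if question_section(reply) != question_section(query):
            return False, "question section does not match the query"
    except ValueError as exc:
        return False, str(exc)
    return True, "accepted"


if __name__ == "__main__":
    q = build_query(0x1234, "example.com")
    server = ("10.10.2.7", 53)            # where the query was sent (constructed)
    good = build_answer(q, "192.0.2.10")
    print(check_reply(q, server, good, server))
    # Same bytes, but arriving from a rewritten source port: rejected.
    print(check_reply(q, server, good, ("10.10.2.6", 10028)))
```

A real client would obtain `reply_src` from `recvfrom()` and, as the post notes for BIND 9, simply drop the datagram and keep waiting rather than log each rejection, since an attacker who can flood spoofed replies could otherwise fill the log.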