NetBSD-Users archive


Re: Resolver problems



On Thu, 3 Dec 2009, Ingolf Steinbach wrote:

> >> 2) Re-writing the source port number of the faulty UDP packets.
> >
> > I am curious how any DNS client would use a response from it. It
> > should not be trusted.
> 
> The DNS client would not be able to detect that the source port was
> "corrected", would it?

It should detect it. It is a sign of spoofed data. For example, dig (as 
a client) would complain, like:

 ;; reply from unexpected source: 10.10.2.6#10028, expected 10.10.2.7#53

And BIND 9.6 (as a client) would ignore it (not use it). It doesn't log 
to prevent a potential DoS. (BIND 4 and 8 did have a message like 
"Response from unexpected source".)
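The check described in the reply above, as an added example that is not code from the thread, from dig or from BIND: a stub-resolver style routine that refuses a UDP reply unless it arrives from the exact address and port the query was sent to and its transaction ID matches the query. The datagram bytes, the server address 10.10.2.7#53 and the unexpected source 10.10.2.6#10028 are constructed here (the latter two reused from the dig line quoted above); the function names are this example's own.

```python
"""Client-side sanity checks on a UDP DNS reply (added example, not from the thread).

A resolver that accepts a reply from any sender would happily use a datagram
whose source port was "corrected" by a middlebox, or forged by anyone who can
reach the socket. The checks below are the ones the thread says a client
must do: compare the sender with the server queried, and compare the 16-bit
transaction ID with the one in the query. A failing reply is simply not used.
"""
import socket
import struct
from typing import Optional, Tuple

Addr = Tuple[str, int]

# Constructed values for the demo; 10.10.2.7#53 is the server we ask,
# 10.10.2.6#10028 is the sender dig complained about in the thread.
SERVER: Addr = ("10.10.2.7", 53)
UNEXPECTED: Addr = ("10.10.2.6", 10028)


def build_query(txid: int, name: str = "example.com") -> bytes:
    """Build a minimal DNS query (one A/IN question) with the given ID."""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"
    return header + qname + struct.pack(">HH", 1, 1)  # QTYPE=A, QCLASS=IN


def build_reply(query: bytes) -> bytes:
    """Constructed reply: same ID and question, QR/RD/RA flags, zero answers."""
    txid = dns_header_id(query)
    header = struct.pack(">HHHHHH", txid, 0x8180, 1, 0, 0, 0)
    return header + query[12:]


def dns_header_id(datagram: bytes) -> int:
    """Return the 16-bit transaction ID from a DNS message header."""
    if len(datagram) < 12:
        raise ValueError("DNS message shorter than the 12-byte header")
    return struct.unpack(">H", datagram[:2])[0]


def check_reply_source(expected: Addr, actual: Addr) -> Optional[str]:
    """Return a dig-style complaint when the reply came from the wrong
    address or port; None when it matches the server queried."""
    if expected != actual:
        return "reply from unexpected source: %s#%d, expected %s#%d" % (
            actual[0], actual[1], expected[0], expected[1])
    return None


def accept_reply(query: bytes, sent_to: Addr,
                 reply: bytes, received_from: Addr) -> Tuple[bool, Optional[str]]:
    """Decide whether a UDP reply may be used for `query`.

    Rejects (and names the reason) when the datagram arrives from an
    address/port other than the one queried, or when its transaction ID
    differs from the query's. Whether the caller logs the reason is a
    policy choice; BIND 9.6, per the thread, drops silently.
    """
    complaint = check_reply_source(sent_to, received_from)
    if complaint:
        return False, complaint
    if dns_header_id(reply) != dns_header_id(query):
        return False, "transaction ID mismatch"
    return True, None


def resolve_once(sock: socket.socket, query: bytes, server: Addr,
                 timeout: float = 2.0) -> Optional[bytes]:
    """Send `query` over an existing UDP socket and return the first reply
    that passes accept_reply(); mismatching datagrams are discarded and the
    wait continues. Not exercised offline; shown for where the check sits."""
    sock.settimeout(timeout)
    sock.sendto(query, server)
    while True:
        data, sender = sock.recvfrom(4096)
        ok, _reason = accept_reply(query, server, data, (sender[0], sender[1]))
        if ok:
            return data


if __name__ == "__main__":
    q = build_query(0x1234)
    r = build_reply(q)
    print(accept_reply(q, SERVER, r, SERVER))      # (True, None)
    print(accept_reply(q, SERVER, r, UNEXPECTED))  # rejected: unexpected source
```

The address check has to compare both the IP and the port; matching only the port 53 half is what lets a rewritten source port slip through, which is the scenario the thread is about.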

