NetBSD-Users archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: Resolver problems

On Thu, 3 Dec 2009, Ingolf Steinbach wrote:

> >> 2) Re-writing the source port number of the faulty UDP packets.
> >
> > I am curious how any DNS client would use a response from it. It
> > should not be trusted.
> The DNS client would not be able to detect that the source port was
> "corrected", would it?

It should detect it. It is a sign of spoofed data. For example, dig (as 
a client) would complain, like:

 ;; reply from unexpected source:, expected

And BIND 9.6 (as a client) would ignore it (not use it). It doesn't log 
to prevent a potential DoS. (BIND 4 and 8 did have a message like 
"Response from unexpected source".)

Home | Main Index | Thread Index | Old Index