> I also tried that successfully. What exactly did you try, and how
> didn't it work?

I figured it out, and you're right, it does work. I had the wrong fake nameservers which explains my original results :)

> No, the presence of an A record simply means the attack is not
> effective until the A record expires (the attack itself succeeds
> anytime unless the server also caches www.cnn.com./NS, which is very
> unlikely). When "it gets renewed again", the server is already
> poisoned with the forged NS, and it will be poisoned with a forged A
> record by the forged NS.

Now if only there were a way not to cache answers to questions we never asked...

Thanks,
Gabriel
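
The idea in the closing remark above, sketched as an added example that is not part of the original message or of any resolver's code: a cache-admission filter that keeps only records answering the question actually asked, so an unsolicited www.cnn.com./NS never reaches the cache. The `RR` type, the `cacheable` function and all sample records and addresses are assumptions constructed for illustration.

```python
from typing import NamedTuple

class RR(NamedTuple):  # hypothetical record type for this sketch
    name: str
    rtype: str
    ttl: int
    rdata: str

def norm(name):
    """Lower-case and fully qualify a name so comparisons are exact."""
    return name.lower().rstrip(".") + "."

def cacheable(qname, qtype, answer, authority=(), additional=()):
    """Split a response into (kept, dropped) for cache admission.

    Kept: answer-section records owned by qname (or by the target of a
    CNAME chain starting at qname) whose type is qtype or CNAME.
    Dropped: everything else, including all authority/additional data.
    """
    owner, kept, pending = norm(qname), [], list(answer)
    moved = True
    while moved:
        moved = False
        for rr in list(pending):
            if norm(rr.name) != owner:
                continue
            if rr.rtype == qtype:
                kept.append(rr)
                pending.remove(rr)
            elif rr.rtype == "CNAME":
                kept.append(rr)
                pending.remove(rr)
                owner, moved = norm(rr.rdata), True
                break  # rescan the remaining records for the new owner
    return kept, pending + list(authority) + list(additional)

# Constructed sample: reply to "www.cnn.com. A" with unsolicited NS data.
ANSWER = [RR("www.cnn.com.", "A", 300, "192.0.2.10"),
          RR("www.cnn.com.", "NS", 86400, "ns.forged.example.")]
AUTHORITY = [RR("www.cnn.com.", "NS", 86400, "ns.forged.example.")]
ADDITIONAL = [RR("ns.forged.example.", "A", 86400, "203.0.113.5")]

if __name__ == "__main__":
    kept, dropped = cacheable("www.cnn.com", "A", ANSWER, AUTHORITY, ADDITIONAL)
    for rr in kept:
        print("cache:", rr)
    for rr in dropped:
        print("drop: ", rr)
```

Dropped records can still be logged or used transiently for the lookup in progress; the sketch only decides what is stored.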
