In article <[email protected]>, Stephane Bortzmeyer <[email protected]> wrote:
> On Wed, May 05, 2010 at 09:35:38AM +0100,
>  Sam Wilson <[email protected]> wrote
>  a message of 22 lines which said:
>
> > > It seems (not tested by me) that Nominum CNS does that: when many
> > > responses arrive which do not match (src IP address, query ID, etc)
> > > any pending answer, it switches to TCP, assuming someone tries to
> > > poison it.
> > >
> > > This is supposed to be a protection against the Kaminsky attack.
> >
> > Interesting. "Switches" by what means?
>
> I don't understand the question. When detecting an attack, CNS decides
> to query the authoritative name servers with TCP instead of querying
> with UDP as it does by default, that's all.

Yeah - I misunderstood the original description and had in my mind CNS
getting spoofed responses and causing the original querier to retry with
TCP. I understand now.

Thanks,
Sam

_______________________________________________
bind-users mailing list
[email protected]
https://lists.isc.org/mailman/listinfo/bind-users
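A toy model of the behaviour discussed in the thread, added here as an illustration (this is not Nominum's code; the matching tuple, the threshold of 20 unmatched replies per one-second window and the sample addresses are assumed): replies that match no pending query on source address, destination port and transaction ID are dropped and counted, and once the count crosses the threshold the resolver sends later queries over TCP.

```python
from collections import deque
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Query:
    server_ip: str   # authoritative server the query was sent to
    src_port: int    # resolver's (randomised) source port
    qid: int         # 16-bit transaction ID
    qname: str
    qtype: str


@dataclass
class Resolver:
    # Assumed values: the thread gives no real CNS thresholds.
    threshold: int = 20     # unmatched replies within `window` before switching
    window: float = 1.0     # seconds
    pending: dict = field(default_factory=dict)
    unmatched: deque = field(default_factory=deque)   # timestamps of bad replies
    use_tcp: bool = False

    def transport(self) -> str:
        return "tcp" if self.use_tcp else "udp"

    def send(self, q: Query) -> None:
        self.pending[(q.server_ip, q.src_port, q.qid)] = q

    def receive(self, from_ip: str, to_port: int, qid: int,
                qname: str, qtype: str, now: float) -> str:
        """Match a reply against pending queries; count mismatches per window."""
        key = (from_ip, to_port, qid)
        q = self.pending.get(key)
        if q is not None and (q.qname, q.qtype) == (qname, qtype):
            del self.pending[key]
            return "accepted"
        # Wrong address, port, ID or question section: drop it and remember when.
        self.unmatched.append(now)
        while self.unmatched and now - self.unmatched[0] > self.window:
            self.unmatched.popleft()
        if len(self.unmatched) >= self.threshold:
            self.use_tcp = True   # later queries go out over TCP
        return "dropped"


def simulate_flood(n_forged: int, threshold: int = 20) -> str:
    """One real query, then n_forged replies with wrong IDs (constructed input)."""
    r = Resolver(threshold=threshold)
    r.send(Query("192.0.2.53", 40000, 0x1234, "example.net", "A"))
    for i in range(n_forged):
        r.receive("192.0.2.53", 40000, (0x1235 + i) & 0xFFFF, "example.net", "A", 0.01 * i)
    return r.transport()
```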

