* Jason Frisvold:
> I think this is more of a question of who to trust. Caching, in
> general, isn't a bad thing provided that TTLs are adhered to. If the
> poisoning attack were to inject a huge TTL value, then that would
> compromise that cache. (Note, I am no expert on DNS poisoning, so I'm
> not sure if the TTL is "attackable")
I'm not sure if you can poison the entire cache of a stub resolver (which can't do recursive lookups on its own). I would expect that the effect is limited to a particular DNS record, which in turn should expire after the hard TTL limit (surely there is one).
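The "hard TTL limit" raised above is what a resolver enforces by clamping every TTL it caches to a configured maximum, so a response carrying an absurd TTL cannot pin a record indefinitely. The following is an added illustration, not code from this thread; the 86400-second cap, the `ClampingCache` name and the record values are assumptions constructed for the example.

```python
import time

# Upper bound a resolver applies to any TTL it caches, regardless of what
# the response claims. One day is a common default; the value is an
# assumption for this example, not something stated in the thread.
MAX_TTL = 86400


class ClampingCache:
    """Minimal record cache that refuses to honour oversized TTLs."""

    def __init__(self, max_ttl=MAX_TTL, now=time.monotonic):
        self.max_ttl = max_ttl
        self.now = now          # injectable clock so expiry can be tested
        self._entries = {}      # (name, rtype) -> (rdata, expires_at)

    def store(self, name, rtype, rdata, ttl):
        # Clamp: a forged or corrupt answer cannot keep a record for years.
        effective = max(0, min(int(ttl), self.max_ttl))
        self._entries[(name.lower(), rtype)] = (rdata, self.now() + effective)
        return effective

    def lookup(self, name, rtype):
        key = (name.lower(), rtype)
        hit = self._entries.get(key)
        if hit is None:
            return None
        rdata, expires_at = hit
        if self.now() >= expires_at:
            del self._entries[key]  # expired: caller must re-query upstream
            return None
        return rdata


def demo():
    clock = [0.0]
    cache = ClampingCache(now=lambda: clock[0])
    # Constructed record claiming a TTL of ten years (documentation IP range).
    stored = cache.store("example.com", "A", "192.0.2.10", 10 * 365 * 86400)
    at_once = cache.lookup("example.com", "A")
    clock[0] = MAX_TTL + 1          # step just past the clamped lifetime
    after = cache.lookup("example.com", "A")
    return stored, at_once, after


if __name__ == "__main__":
    print(demo())   # (86400, '192.0.2.10', None)
```

The record is served only until the clamp expires, after which the cache forces a fresh upstream lookup regardless of the TTL the original answer advertised.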