Re: caching dns lookups
- To: Tzafrir Cohen <tzafrir(at-nospam)technion.ac.il>
- Subject: Re: caching dns lookups
- From: Eran Tromer <eran(at-nospam)tromer.org>
- Date: Thu, 30 Aug 2001 08:43:39 +0200
- CC: Linux-IL mailing list <linux-il(at-nospam)linux.org.il>
- Delivered-To: linux.org.il-linux-il@linux.org.il
- References: <Pine.GSO.4.33_heb2.09.0108300835350.12775-100000@techunix.technion.ac.il>
- Sender: linux-il-bounce(at-nospam)cs.huji.ac.il
Tzafrir Cohen wrote:
>
> Just a small note...
>
> On Thu, 30 Aug 2001, Eran Tromer wrote:
>
> > Nadav Har'El wrote:
> >
> > > Lastly, Dan, are you sure you really want to use a DNS cache? What was the
> > > reason you decided you wanted one?
> > > In most cases a DNS cache is not useful to "ordinary" modem users. Why?
> > [snip]
> >
> >
> > Security:
>
> [snip]
>
> > (what if someone cracks your ISP's DNS or spoofs it?).
>
> In that case, assuming your caching server uses only the ISP's DNS server,
> then it will be tricked as well. You can configure it to query root servers
> directly, but the performance loss will probably be noticeable...
Sure, DNS spoofing is still possible, so you need to use protocols like
SSH and SSL+proper_certificates to protect against that. But I was
talking about IP spoofing attacks, in which someone impersonating the
external DNS server gets to talk to any port on your system.
Eran