
Re: caching dns lookups



Tzafrir Cohen wrote:
> 
> Just a small note...
> 
> On Thu, 30 Aug 2001, Eran Tromer wrote:
> 
> > Nadav Har'El wrote:
> >
> > > Lastly, Dan, are you sure you really want to use a DNS cache? What was the
> > > reason you decided you wanted one?
> > > In most cases a DNS cache is not useful to "ordinary" modem users. Why?
> > [snip]
> >
> >
> > Security:
> 
> [snip]
> 
> > (what if someone cracks your ISP's DNS or spoofs it?).
> 
> In that case, assuming your caching server uses only the ISP's DNS server,
> then it will be tricked as well. You can configure it to query root servers
> directly, but the performance loss will probably be noticeable...

Sure, DNS spoofing is still possible, so you need to use protocols like
SSH and SSL+proper_certificates to protect against that. But I was
talking about IP spoofing attacks, in which someone impersonating the
external DNS server gets to talk to any port on your system.

  Eran
