SAD DNS cache poisoning attack

Michael Richardson mcr+ietf at sandelman.ca
Sun Nov 15 17:13:48 EST 2020


better if dnsmasq just implemented https://tools.ietf.org/html/draft-vixie-dnsext-dns0x20-00
which alas, has never become an RFC, AFAIK.

Alternatively, DNSSEC was designed to deal with the entire gamut of DNS cache
poisioning.

More fiddling with ICMP source ports is not going to help in the long run.

--
Michael Richardson <mcr+IETF at sandelman.ca>   . o O ( IPv6 IøT consulting )
           Sandelman Software Works Inc, Ottawa and Worldwide




-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 487 bytes
Desc: not available
URL: <http://lists.openwrt.org/pipermail/openwrt-devel/attachments/20201115/234d2bd1/attachment.sig>


More information about the openwrt-devel mailing list