[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Trustworthiness rules

To: Edward Lewis <Ed.Lewis@neustar.biz>
Subject: Trustworthiness rules
From: gson@araneus.fi (Andreas Gustafsson)
Date: Wed, 29 Nov 2006 02:45:37 +0200
Cc: namedroppers@ops.ietf.org
Delivery-date: Wed, 29 Nov 2006 00:48:23 +0000
Envelope-to: namedroppers-data@psg.com

Edward Lewis wrote:
> Cache poisoning was "solved" by the trustworthiness rules and other 
> clean up in RFC 2181.  Cache poisoning is still a vulnerability but 
> much harder and less effective if the caches in the pipeline all 
> implement RFC 2181 rules cleanly.

I agree that the cache poisoning problem has been solved, for most
practical purposes, by caching servers implementing anti-poisoning
rules.

However, I must point out that the specific rules in RFC2181 are in
fact not an effective defense against cache poisoning, and that the
immunity against poisoning enjoyed by current caching servers stems
from a completely different rule that is still not stated in any IETF
document.

There are several variations of this rule, but in its simplest form,
it says that when a caching server queries the authoritative servers
of a given domain, it must discard all response records whose owner
name is outside that domain.

IMO, not only do we need to put this rule in a standards document, 
but RFC2181 section 5.4.1 should go away.
-- 
Andreas Gustafsson, gson@araneus.fi

--
to unsubscribe send a message to namedroppers-request@ops.ietf.org with
the word 'unsubscribe' in a single line as the message text body.
archive: <http://ops.ietf.org/lists/namedroppers/>

Prev by Date: Re: Non-terminal-wildcards Re: SRV records considered dubious
Next by Date: Re: Trustworthiness rules
Previous by thread: DNSSEC - Signature Only vs the MX/A issue.
Next by thread: Re: Trustworthiness rules
Index(es):
- Date
- Thread