

To: Kandra Nygårds <kandra@foxette.net>
Cc: "Ed Sawicki" <ed@alcpress.com>, <dnsop@cafax.se>
From: Brad Knowles <brad.knowles@skynet.be>
Date: Sat, 22 Feb 2003 23:29:52 +0100
In-Reply-To: <05e401c2d9e1$cabeb500$0ef2a8c0@amalthea>
Sender: owner-dnsop@cafax.se
Subject: Re: Why one port?

At 8:45 PM +0100 2003/02/21, Kandra Nygårds wrote:

>  Question, how would running two instances of DNS software on the same
>  machine, using different ports protect against cache poisoning?

	The authoritative-only server doesn't do any caching, and 
therefore there is no poisoning or pollution of the cache.

	The caching-only server isn't authoritative for anything, and 
while the cache could potentially become polluted, it can't pass that 
pollution on to clients in an authoritative manner (which is the real 
danger).

>  The DNS protocol has worked quite well so far. I see no need to rewrite it
>  in order to enable users to perform less than clueful tasks.

	There are some problems in the DNS, but I am still convinced that 
we can fix these problems without throwing out the whole thing.

-- 
Brad Knowles, <brad.knowles@skynet.be>

"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety."
     -Benjamin Franklin, Historical Review of Pennsylvania.

GCS/IT d+(-) s:+(++)>: a C++(+++)$ UMBSHI++++$ P+>++ L+ !E-(---) W+++(--) N+
!w--- O- M++ V PS++(+++) PE- Y+(++) PGP>+++ t+(+++) 5++(+++) X++(+++) R+(+++)
tv+(+++) b+(++++) DI+(++++) D+(++) G+(++++) e++>++++ h--- r---(+++)* z(+++)
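
The role separation described in the reply above is visible in the header flags of a server's responses, so it can be audited. The following is an added example, not part of the original message: the function names and the sample headers are constructed, and it assumes a resolver does not set AA on answers it serves from cache.

```python
import struct

QR, AA, RD, RA = 0x8000, 0x0400, 0x0100, 0x0080  # header flag bits, RFC 1035 4.1.1

def parse_header(msg: bytes) -> dict:
    """Decode the fixed 12-byte DNS header."""
    if len(msg) < 12:
        raise ValueError("truncated DNS header")
    _id, flags, _qd, an, _ns, _ar = struct.unpack("!6H", msg[:12])
    return {"qr": bool(flags & QR), "aa": bool(flags & AA),
            "ra": bool(flags & RA), "rcode": flags & 0x000F, "ancount": an}

def classify(responses) -> str:
    """Classify one server from several of its responses.

    'mixed' means the same instance both offers recursion (RA=1) and gives
    authoritative answers (AA=1): the combination the reply warns about,
    because cached data and authoritative data share one process.
    """
    saw_aa = saw_ra = False
    for raw in responses:
        h = parse_header(raw)
        if not h["qr"]:
            continue  # a query, not a response
        saw_ra = saw_ra or h["ra"]
        # Only count AA on a successful response that carries an answer.
        saw_aa = saw_aa or (h["aa"] and h["rcode"] == 0 and h["ancount"] > 0)
    if saw_aa and saw_ra:
        return "mixed"
    if saw_aa:
        return "authoritative-only"
    if saw_ra:
        return "caching-only"
    return "unknown"

def hdr(flags: int, ancount: int) -> bytes:
    """Build a constructed 12-byte header for the samples below."""
    return struct.pack("!6H", 0x1234, flags, 1, ancount, 0, 0)

# Constructed samples: an in-zone query, then an out-of-zone query, per server.
AUTH_ONLY = [hdr(QR | AA | RD, 1), hdr(QR | RD | 5, 0)]   # second is REFUSED
CACHE_ONLY = [hdr(QR | RD | RA, 1), hdr(QR | RD | RA, 1)]
MIXED = [hdr(QR | AA | RD | RA, 1), hdr(QR | RD | RA, 1)]

if __name__ == "__main__":
    for name, sample in (("auth", AUTH_ONLY), ("cache", CACHE_ONLY), ("mixed", MIXED)):
        print(name, "->", classify(sample))
```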