To:
<dnsop@cafax.se>
From:
"Scott Rose" <scottr@nist.gov>
Date:
Thu, 6 Nov 2003 08:13:08 -0500
Sender:
owner-dnsop@cafax.se
Subject:
Re: preventing cache contamination
I am not if I understand all the questions. Is this for an implementation of a recursive (caching) name server? ----- Original Message ----- From: "masataka ohta" <mohta@necom830.hpcl.titech.ac.jp> > Does the following work to prevent DNS cache contamination > > 1) have no public access on shared media from cache to external > network (to prevent MITM) > Agree with bert. As long as you trust the links. > 2) have separate cache for glue Could the server mark glue RRsets in cache, then trust them when they can be confirmed through subsequent queries? > > 3) cache an answer to a query but activate it only after a > compatible answer is returned for latter query (to protect > against ID space attack) > A later query initiated by the server, or from another client? I think I do not understand this. Scott > ? > > Masataka Ohta > > #---------------------------------------------------------------------- > # To unsubscribe, send a message to <dnsop-request@cafax.se>. > #---------------------------------------------------------------------- # To unsubscribe, send a message to <dnsop-request@cafax.se>.