[36025] in bugtraq
Re: International DNS compromise?
daemon@ATHENA.MIT.EDU (Danny)
Sat Aug 7 10:48:26 2004
Message-ID: <addc34c60408061212117fa512@mail.gmail.com>
Date: Fri, 6 Aug 2004 15:12:17 -0400
From: Danny <nocmonkey@gmail.com>
To: "Troy K." <tjk@tksoft.com>
Cc: Zhen Shi <zhenshi99@yahoo.com>, bugtraq@securityfocus.com
In-Reply-To: <200408051749.i75HndsK009720@plug.fi>
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
On Thu, 5 Aug 2004 10:49:39 -0700 (PDT), Troy <tjk@tksoft.com> wrote:
> It's probably the ISP you are using.
> They are intercepting DNS requests and returning their
> own replies. It could be something malicious, but it could
> just as well be the ISP saving bandwidth by caching DNS queries.
I have never heard of an ISP which does not cache (Bind does by
default) DNS queries. If they did not, their DNS servers would be
constantly hitting the root servers, which would be horribly
inconsiderate.
> If they cache DNS queries they probably cache www queries as
> well.
See my last comment.
...D
