25 Jul 22:26
Re: DNS Attacks
Les Mikesell <lesmikesell <at> gmail.com>
2008-07-25 20:26:49 GMT
Bruno Wolff III wrote:
>>
>> The only real delay when adding something new is getting the registered
>> servers for a domain into the root servers. These should be the ones
>
> Generally you mean the appropriate TLD servers as most newly registered
> domains don't go into the root servers.
I guess things have changed - .com at least used to be known directly by
the roots. Anyway, a query for an unknown domain has to start at the
root servers and will resolve as soon as they know where to send it.
>> listed in the whois lookup. There is a time-to-live associated with the
>> addresses, so existing names may linger with the wrong addresses, though.
>
> And some ISPs have been known to fudge these to be longer than what they
> are to cut down on queries. This breaks things like djbdns' feature of
> having the ttl count down as a cutover time is approached.
And worse, applications may cache them for as long as they run.
--
Les Mikesell
lesmikesell <at> gmail.com
--
fedora-list mailing list
fedora-list <at> redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list