DNS/Deadwood/検索動作/2について、ここに記述してください。

1. How Deadwood stops blind spoofing attacks

Deadwood's recursive resolver is written with the following philosophy:

     either pointers to incomplete NS referrals,
     or the direct answer to the question originally given to Deadwood.

For example, if someone asks Deadwood "what is the IP for www.paypal.com", Deadwood will only add the following records to the cache while resolving www.paypal.com:

The information about what name servers to use for a given domain, say "example.com", can only come from one of the following two sources:

Information given by example.com's own name servers only affect names ending in "example.com"; they do not affect the name servers for example.com [5].