1. DNS/Poisoning/From tweets

https://twitter.com/beyondDNS/status/444080744281821184

I don't understand the basis for the claim on unbound.jp that it is "highly resistant to DNS cache poisoning". Is there an explanation somewhere?

https://twitter.com/beyondDNS/status/443541591945269248

Haya Shulman: "DNS Cache-Poisoning: New Attacks and Defenses"

However, we show how attackers may be able to circumvent those defenses and poison in spite of them; specifically:
- Circumvent source port randomisation, in the (common) case where the resolver connects to the Internet via different NAT devices.
- Circumvent IP address randomisation supported by standard-conforming resolvers.
- Circumvent query randomisation, including both randomisation by prepending a random nonce and case randomisation (0x20 encoding). 

http://www.ietf.org/proceedings/87/slides/slides-87-saag-3.pdf

https://twitter.com/beyondDNS/status/443540344295002112

https://www.ida.liu.se/~TDDC03/literature/dnscache.pdf

Recommended Defenses Against DNS Cache Poisoning

https://unbound.net/documentation/patch_announce102.html unbound patch 2008

MoinQ: DNS/Poisoning/From tweets (last edited 2021-05-02 06:50:23 by ToshinoriMaeno)