DNS/noninumについて、ここに記述してください。

なかなかおもしろいので、引用というには多いがまずはコピーして、コメントをつける。

Ghost Domain Names 脆弱性は nominumにはないと言う話

http://nominum.com/ghosts-in-the-dns-machine/

Ghosts in the DNS machine Feb 14, 2012

There are a couple of bits of good news. 

First, Nominum Vantio servers are NOT susceptible to this vulnerability. 
Vantio source code has been carefully reviewed and testing has confirmed Nominum’s algorithms
for determining what DNS data is stored in the cache will NOT store the DNS data that enables this vulnerability.

To capture the technical point:  Vantio never uses authority section data from a zone to update the zone’s delegation entry. 
Or, said another way, Vantio only accepts delegation data from a parent zone.

Vantio は Authority Section のデータは受け入れない。

The other good news is it certainly does not compare with earlier vulnerabilities, like Kaminsky’s in 2008. It is not cache poisoning, the attacker can only impact domains they control

It also does not improve the effectiveness of an exploit, but could be used to extend its lifetime. Perhaps the phishers will rejoice since they are commonly targets of take downs.

It’s also important to note that since it operates at the caching layer

Scale is determined by touching more caching servers so a lone phisher without access to something like a properly trained botnet.

It will be interesting to see whether or not this gets used in the wild. Perhaps a dejected botmaster will use it to breath new life into a botnet that has been taken down. Imagine a self-sustaining botnet, that takes advantage of ghost domains to survive attempts to kill it. Wouldn’t that be a vampire bot?