DNS Attacks

Bruno Wolff III bruno at wolff.to
Fri Jul 25 20:11:43 UTC 2008


On Fri, Jul 25, 2008 at 13:40:49 -0500,
  Les Mikesell <lesmikesell at gmail.com> wrote:
> James Kosin wrote:
>
> The only real delay when adding something new is getting the registered  
> servers for a domain into the root servers.  These should be the ones  

Generally you mean the appropriate TLD servers as most newly registered
domains don't go into the root servers.

> listed in the whois lookup.  There is a time-to-live associated with the  
> addresses, so existing names may linger with the wrong addresses, though.

And some ISPs have been known to fudge these to be longer than what they
are to cut down on queries. This breaks things like djbdns' feature of
having the ttl count down as a cutover time is approached.
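
Added example, not part of the original post and not djbdns code: a simplified model of an authoritative server that shrinks the TTL as a cutover approaches, queried through a cache that either honours the TTL or raises it to a minimum. The addresses, the 3600-second base TTL, the 2-second floor and all function names are assumptions made for this illustration.

```python
OLD, NEW = "192.0.2.10", "198.51.100.20"  # constructed documentation addresses


def authoritative(now, cutover, base_ttl=3600, floor=2):
    """Answer with a TTL that counts down so cached copies expire at the cutover.

    base_ttl and floor are assumed values for this model.
    """
    if now >= cutover:
        return NEW, base_ttl
    return OLD, max(floor, min(base_ttl, cutover - now))


class Cache:
    """Resolver cache; min_ttl > 0 models an ISP that lengthens short TTLs."""

    def __init__(self, min_ttl=0):
        self.min_ttl = min_ttl
        self.addr = None
        self.expires = -1

    def resolve(self, now, cutover):
        if now >= self.expires:
            addr, ttl = authoritative(now, cutover)
            self.addr = addr
            # An honest cache keeps ttl as given; a fudging one raises it.
            self.expires = now + max(ttl, self.min_ttl)
        return self.addr


def first_new_delay(min_ttl, cutover=9000, step=30, horizon=200_000):
    """Seconds past the cutover before a client polling every `step` seconds
    first receives the new address through a cache with this min_ttl."""
    cache = Cache(min_ttl)
    for now in range(0, horizon, step):
        if cache.resolve(now, cutover) == NEW:
            return now - cutover
    return None


if __name__ == "__main__":
    for min_ttl in (0, 3600, 86400):
        print(f"cache min_ttl={min_ttl:>5}s -> old address served for "
              f"{first_new_delay(min_ttl)}s after cutover")
```

In this model the honest cache switches at the cutover, while a cache that enforces a one-hour or one-day minimum keeps handing out the old address for 1800 and 77400 seconds respectively.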