DNS Attacks

[John Cornelius]

Bruno Wolff III wrote:
> ------snip-----
> Generally you mean the appropiate TLD servers as most newly registered
> domains don't go into the root servers.
>
>   
Actually, I believe that they do but all that they do is provide a 
pointer to the appropriate name server for the domain. Perhaps that's 
what you meant but it didn't sound like it.
>> listed in the whois lookup.  There is a time-to-live associated with the  
>> addresses, so existing names may linger with the wrong addresses, though.
>>     
>
> And some ISPs have been known to fudge these to be longer than what they
> are to cut down on queries. This breaks things like djbdns' feature of
> having the ttl count down as a cutover time is approached.
>   

Indeed they do and it's tacky but what can you do?

--jc