= From DNS/毒盛/tweet =

https://twitter.com/beyondDNS/status/444080744281821184

I do not understand the basis for the statement on unbound.jp that it is "highly resistant to DNS cache poisoning". Is there an explanation somewhere?

https://twitter.com/beyondDNS/status/443541591945269248

Haya Shulman: "DNS Cache-Poisoning: New Attacks and Defenses"
{{{
However, we show how attackers may be able to circumvent those defenses and poison in spite of them; specifically:
 - Circumvent source port randomisation, in the (common) case where the resolver connects to the Internet via different NAT devices.
 - Circumvent IP address randomisation supported by standard-conforming resolvers.
 - Circumvent query randomisation, including both randomisation by prepending a random nonce and case randomisation (0x20 encoding).
}}}
http://www.ietf.org/proceedings/87/slides/slides-87-saag-3.pdf

https://twitter.com/beyondDNS/status/443540344295002112

https://www.ida.liu.se/~TDDC03/literature/dnscache.pdf Recommended Defenses Against DNS Cache Poisoning

https://unbound.net/documentation/patch_announce102.html unbound patch 2008