Firewalls: Re: Does BIND-4.9 use ID word? (fwd)

Firewalls
(January 1994)

Indexed By Thread: [Previous] [Next]

Subject:	Re: Does BIND-4.9 use ID word? (fwd)
From:	John . MacFarlane @ Software . com (John L. MacFarlane)
Date:	Thu, 20 Jan 1994 16:37:00 -0800
To:	firewalls @ GreatCircle . COM

>
>I was just wondering if BIND ver. 4.9(.2) uses the ID word to match
>a query to a reply or is the ID field for the reply ignored?
>
>My motivation for the question: Can someone force-feed a bogus answer
>to a resolver or named query sent to an external nameserver. It seems to
>me that a bogus answer would need the correct 16bit ID field of the query
>to be accepted (depending on how BIND uses this ID).
>
>	Indeed, BIND does compare the ID field to match responses to queries.
>	Forcefeeding a bogus answer isn't easy. It has been made even
>	more difficult with the VALIDATE patch in BIND 4.9.2. Wait for
>	the public release and read accompanying notes to figure out
>	how to use it.
>
>	-anant
>
John L. MacFarlane (John .
 MacFarlane @
 Software .
 com)
Software.com
6487A Calle Real                  (805) 967-5022
Santa Barbara, California 93117   (805) 964-4507 Fax.

Indexed By Date	Previous:	Re: Active Defense From: ericm @ MicroUnity . com (Eric Murray)
Indexed By Date	Next:	Re: Active Defense From: amolitor @ anubis . network . com (Andrew Molitor)
Indexed By Thread	Previous:	Re: Implementing ``good'' firewall router code From: Bernhard . Schneck @ Physik . TU-Muenchen . DE
Indexed By Thread	Next:	Re: Pings... From: gil @ checkpoint . brm . co . il (Gil Shwed)