[isf-wifidog] [Fwd: SPECIFIC WEBSITES]

Pascal Leclerc isf at plec.ca
Sun Apr 10 10:45:03 EDT 2005


> On Apr 9, 2005 2:50 PM, Sandro Mancuso <liquid at liquidonline.ca> wrote:
>> I don't think it's a wise idea to not cache replies.  There's a reason
>> that functionality is built into almost all DNS servers.
>
> It's my opinion too, but this is an embedded platform after all.
> Though, IIRC the units have 16 megs of RAM which is more than enough. We
> have no real need for a private DNS server on the routers anyway.
> Forwarding w/ caching is all it does.

Dnsmasq is more than only a DNS server that is doing caching and
forwarding. It's the DHCP server with some other useful features for small
networks.
http://thekelleys.org.uk/dnsmasq/doc.html

>> Cache
>> poisoning (which I am doubtful is the case, because it requires
>> someone with sufficient patience to want to target specifically the
>> wifi server) does not occur simply because a dns server is caching
>> replies.  What is actually happening is the cracker is exploiting the
>> very poor
>> randomness, which BIND 8 was known for.  BIND 9 addressed this issue,
>> and is significantly better.  DJBDNS is a small, simple daemon, and
>> has significantly better randomness for the serials of all replies.
>
> I wasn't implying that it was the case that our (dnsmasq) caches were
> being poisoned.

It's what I was thinking when I read this on Slashdot, not that dnsmasq
was directly attacked.

David, you said that bellnexxia servers are often swamped and get
intermittent problems with them. When the problem occurred our routers were
using DNS servers from Videotron and not those from bellnexxia servers.

Strange problem with minimal facts and details coming from the users side ;-)

   Pascal





