But can't you overwrite in cache both the A and NS record to re-direct the whole domain with an answer and authority answer spoofed from the NS server? Isn't this the other poisoning problem that really hasn't been spoken about much? However, then you would need to have a NS to redirect with. Please correct me if I'm wrong.
--- On Mon, 7/28/08, Parvinder Bhasin <[EMAIL PROTECTED]> wrote: > From: Parvinder Bhasin <[EMAIL PROTECTED]> > Subject: Re: BIND and CNAME-ing > To: "Paul de Weerd" <[EMAIL PROTECTED]> > Cc: [EMAIL PROTECTED], "Almir Karic" <[EMAIL PROTECTED]>, "openbsdML" > <misc@openbsd.org> > Date: Monday, July 28, 2008, 11:27 AM > Thanks Paul!!! > Wow!!! is the only thing that comes to my mind. Didn't > even know that > DNAME existed. > I will definately read up on it. > > Thanks a bunch! > -Parvinder Bhasin > > On Jul 25, 2008, at 12:14 AM, Paul de Weerd wrote: > > > On Thu, Jul 24, 2008 at 04:49:55PM -0700, Parvinder > Bhasin wrote: > >> Thanks guys for clearing this up. So in short you > cannot CNAME an > >> entire > >> domain (domain.com IN CNAME google.com > <-------- can't do ). > > > > You should google for DNAME some time. Then form your > own opinion on > > the topic matter ;) > > > > Cheers, > > > > Paul 'WEiRD' de Weerd > > > > -- > >> > ++++++++[<++++++++++>-]<+++++++.>+++[<------>-]<.>+++[<+ > > > +++++++++++>-]<.>++[<------------>-]<+.--------------.[-] > > http://www.weirdnet.nl/
