On 19/08/16 23:03, pm8pm8--- via Unbound-users wrote: Hi,
> When receiving a response to a DNS query, does Unbound match the source ip > of the response to the destination ip of the query and discard the response > if they do not match? Does it match the ports? > I.e. apart from checking > query.transactionID == response.transactionID > does Unbound check for > query.destinationIP == response.sourceIP > and > query.destinationPort == response.sourcePort? Yes, it does. Without such checks the cache could be trivially poisoned. -- Anand
