matching the source ip and port
Anand Buddhdev
anandb at ripe.net
Fri Aug 19 21:27:17 UTC 2016
On 19/08/16 23:03, pm8pm8--- via Unbound-users wrote:
Hi,
> When receiving a response to a DNS query, does Unbound match the source ip
> of the response to the destination ip of the query and discard the response
> if they do not match? Does it match the ports?
> I.e. apart from checking
> query.transactionID == response.transactionID
> does Unbound check for
> query.destinationIP == response.sourceIP
> and
> query.destinationPort == response.sourcePort?
Yes, it does. Without such checks the cache could be trivially poisoned.
--
Anand
More information about the Unbound-users
mailing list