J
John
Multiple DNS implementations vulnerable to cache poisoning
http://www.kb.cert.org/vuls/id/800113
In response to the above security vulnerability, I'm trying to manually
configure WinXP machine to query OpenDNS servers (or any other DNS server
that's been patched).
I'm doing this because the WinXP machine is currently using ISP DNS server
and they haven't done anything to fix the problem. I doubt they will patch
their DNS servers at anytime soon (I'm talking about ISP in a 3rd world
country).
If I configure my TCP/IP settings to use primary/secondary DNS from OpenDNS,
what will happen? Will XP 'ask' primary DNS and if that fails, XP then 'ask'
secondary DNS? If both fail, will I get "unknown URL" message?
Does anyone know how WinXP DNS resolution behave? I'd like to be sure that
my WinXP machine only queries DNS servers that I tell it to use. I don't
want it to failover to some unpatched DNS servers out there on the web and
get a bogus result.
Thanks.
http://www.kb.cert.org/vuls/id/800113
In response to the above security vulnerability, I'm trying to manually
configure WinXP machine to query OpenDNS servers (or any other DNS server
that's been patched).
I'm doing this because the WinXP machine is currently using ISP DNS server
and they haven't done anything to fix the problem. I doubt they will patch
their DNS servers at anytime soon (I'm talking about ISP in a 3rd world
country).
If I configure my TCP/IP settings to use primary/secondary DNS from OpenDNS,
what will happen? Will XP 'ask' primary DNS and if that fails, XP then 'ask'
secondary DNS? If both fail, will I get "unknown URL" message?
Does anyone know how WinXP DNS resolution behave? I'd like to be sure that
my WinXP machine only queries DNS servers that I tell it to use. I don't
want it to failover to some unpatched DNS servers out there on the web and
get a bogus result.
Thanks.