2011/05/14

Caching period of NXDOMAIN

I used to have the wrong idea that only positive answers to a name lookup are cached, for a period set by the record's TTL, while negative answers (NXDOMAIN) are not cached at all. In fact NXDOMAIN answers are also cached by a resolver (negative caching, RFC 2308), and the caching period comes from the SOA record that the authoritative server returns in the authority section of the negative response: the resolver caches the NXDOMAIN for the smaller of the SOA record's own TTL and the "minimum" field of its RDATA (when the two are equal, as they often are, it is simply the SOA minimum). Suppose I ask a resolver for xyz.cnn.com. The name server replies NXDOMAIN and includes the SOA record of cnn.com, which carries the origin (primary name server), the responsible mail address, serial, refresh, retry, expire and minimum. In this case the SOA minimum is 3600. If I ask for xyz.cnn.com again 10 seconds later, the resolver answers from its cache, and the SOA record in the authority section now shows a remaining TTL of 3590.
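To make the rule concrete, here is an added example (my own Python model, not code from the original post) of the negative-caching arithmetic: it parses an SOA line in dig's presentation format, computes the negative TTL as min(SOA TTL, SOA MINIMUM) per RFC 2308, and replays the xyz.cnn.com experiment above in a toy cache. The SOA record TTL of 3600 for cnn.com and the example.com SOA line are assumptions and constructed data, not values taken from the post.

```python
"""Negative caching of NXDOMAIN answers, modelled after RFC 2308 section 5."""
import re
from dataclasses import dataclass

# Presentation-format SOA line as printed in dig's AUTHORITY SECTION:
# owner TTL class type mname rname serial refresh retry expire minimum
_SOA_LINE = re.compile(
    r"^(?P<owner>\S+)\s+(?P<ttl>\d+)\s+IN\s+SOA\s+(?P<mname>\S+)\s+(?P<rname>\S+)\s+"
    r"(?P<serial>\d+)\s+(?P<refresh>\d+)\s+(?P<retry>\d+)\s+(?P<expire>\d+)\s+"
    r"(?P<minimum>\d+)\s*$"
)


@dataclass(frozen=True)
class SOA:
    owner: str
    ttl: int      # TTL of the SOA record itself, as sent in the authority section
    minimum: int  # MINIMUM field of the SOA RDATA


def parse_soa(line: str) -> SOA:
    """Parse one authority-section SOA line (dig presentation format)."""
    m = _SOA_LINE.match(line.strip())
    if not m:
        raise ValueError(f"not an SOA record: {line!r}")
    return SOA(m["owner"], int(m["ttl"]), int(m["minimum"]))


def negative_ttl(soa: SOA) -> int:
    """How long a resolver caches the NXDOMAIN: min(SOA TTL, SOA MINIMUM)."""
    return min(soa.ttl, soa.minimum)


class NegativeCache:
    """Minimal negative cache keyed by query name (case-insensitive)."""

    def __init__(self) -> None:
        self._expiry = {}  # normalised qname -> absolute expiry time (seconds)

    def store(self, qname: str, soa: SOA, now: int) -> int:
        ttl = negative_ttl(soa)
        self._expiry[qname.lower().rstrip(".")] = now + ttl
        return ttl

    def lookup(self, qname: str, now: int):
        """Remaining TTL of a cached NXDOMAIN, or None if absent or expired."""
        key = qname.lower().rstrip(".")
        exp = self._expiry.get(key)
        if exp is None or exp <= now:
            self._expiry.pop(key, None)
            return None
        return exp - now


def post_scenario(minimum: int = 3600, soa_ttl: int = 3600, delay: int = 10):
    """The post's experiment: NXDOMAIN for xyz.cnn.com, asked again after 10 s.
    The SOA TTL of 3600 is an assumption; the post only gives MINIMUM = 3600."""
    cache = NegativeCache()
    soa = SOA("cnn.com", soa_ttl, minimum)
    assert cache.lookup("xyz.cnn.com", now=0) is None  # first query: cache miss
    cache.store("xyz.cnn.com", soa, now=0)              # resolver caches the NXDOMAIN
    return cache.lookup("xyz.cnn.com", now=delay)       # second query: from cache


# Constructed example where the SOA's own TTL is shorter than its MINIMUM field.
CONSTRUCTED_SOA = ("example.com. 900 IN SOA ns1.example.com. hostmaster.example.com. "
                   "2011051401 7200 900 1209600 3600")

if __name__ == "__main__":
    print("remaining TTL after 10 s:", post_scenario())
    soa = parse_soa(CONSTRUCTED_SOA)
    print("SOA TTL", soa.ttl, "MINIMUM", soa.minimum,
          "-> NXDOMAIN cached for", negative_ttl(soa), "s")
```

The second case is the caveat worth remembering: a zone that sets a short TTL on its SOA record but a large MINIMUM gets its negative answers cached only for the SOA TTL (900 s here, not 3600). To check a real zone, run `dig xyz.cnn.com` twice and read the SOA line in the AUTHORITY SECTION: the number right after the owner name is the SOA TTL and counts down between the two runs, and the last number in the RDATA is MINIMUM.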

Fun. It also explains why an attacker who manages to inject a forged NXDOMAIN answer into a resolver's cache can make a name unresolvable for every client of that resolver until the negative TTL runs out, a simple denial-of-service attack. The forged answer has to win the same race as any cache-poisoning attempt (matching query ID and source port), so the usual defences, source port and query ID randomisation and DNSSEC validation of the denial-of-existence proof, apply to negative answers just as they do to positive ones.