TreeWalk itself is protected and not vulnerable when TreeWalk collects information from authorized servers for each domain looked up. This is TW's preferred operation. So, you are protected from the cache poisoning issue by collecting original results and not a cached result that may have been compromised with a fake answer. Example 1 (only the TreeWalk address is listed in the netinfo.txt output generated with the TW "Check config" utility):
* DNS server(s) list..........: 127.0.0.1
The TreeWalk user may choose to allow forwarders such as an ISP's DNS server as a backup. This is a judgment call made by the user. Many ISPs are excellent, while many others are rubbish and have been shown to have compromised DNS servers. Example 2 (a trusted ISP server is added as backup):
* DNS server(s) list..........: 127.0.0.1 <server>
(where "<server>" is the trusted server IP address in numeric format). Multiple trusted servers may be included, if desired.
"If my ISP's DNS server gets a bad answer from their source, and my TreeWalk Personal DNS server is getting the answers from the same source, won't they both be "bad"?"
Authorized, official data from a domain's DNS server can only ever give good answers; however, typing or configuration errors may render a good answer incorrect or unusable. Both TreeWalk and ISPs can only get good answers from an original authorized server, but a vulnerable DNS server (including one on a local LAN) could permit a good cached answer to be overwritten by a vandal. This could append a bad, false answer during a reply, resulting in a completely different lookup. Likewise, a bad, false answer could simply be added to a cache.
To further explain, the issue with some ISPs or a local LAN administrator is that they may run old and vulnerable servers by not updating to the safe BIND9. Vandals can poison the database those machines use by sending false answers which are included in the cache when, in actuality, the appended information should be ignored and trashed. Also, to save money some ISPs may buy DNS answers from vulnerable commercial DNS service providers who are not running the current BIND9 software that TreeWalk is based upon. It's also interesting to note that BIND9 implements many, but not all, of the changes that were written into TreeWalk by its developers (ObiWan and NT Canuck).
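To illustrate the point above about appended answers that "should be ignored and trashed", here is an added, constructed simulation (not TreeWalk or BIND code) of a resolver cache: one version blindly stores every record in a reply, the other applies the bailiwick rule and only keeps records that belong to the zone the queried server is responsible for. The zone, host names and addresses are made-up sample values.

```python
# Constructed simulation of a resolver cache with and without the bailiwick
# check. Not TreeWalk or BIND code; names and addresses are sample values.

def in_bailiwick(name: str, zone: str) -> bool:
    """True if `name` equals `zone` or lies underneath it (case-insensitive)."""
    name, zone = name.lower().rstrip("."), zone.lower().rstrip(".")
    return name == zone or name.endswith("." + zone)

class ResolverCache:
    def __init__(self, enforce_bailiwick: bool):
        self.enforce_bailiwick = enforce_bailiwick
        self.records = {}  # lower-cased name -> IP address string

    def ingest_reply(self, zone, answers, additional):
        """Store records from a reply received from a server for `zone`.
        answers/additional: lists of (name, ip). Returns (accepted, dropped)."""
        accepted, dropped = [], []
        for name, ip in answers + additional:
            if self.enforce_bailiwick and not in_bailiwick(name, zone):
                # Appended data for another zone: ignore and trash it.
                dropped.append((name, ip))
                continue
            self.records[name.lower()] = ip
            accepted.append((name, ip))
        return accepted, dropped

    def lookup(self, name):
        return self.records.get(name.lower())

# Constructed reply from a server for example.net: a legitimate answer plus an
# "additional" record that claims an address for a host in a different zone.
REPLY_ZONE = "example.net"
ANSWERS = [("www.example.net", "192.0.2.10")]
ADDITIONAL = [("bank.example.com", "198.51.100.99")]  # out of bailiwick

def demo():
    """Return what each cache believes bank.example.com resolves to."""
    old = ResolverCache(enforce_bailiwick=False)  # vulnerable behaviour
    old.ingest_reply(REPLY_ZONE, ANSWERS, ADDITIONAL)
    new = ResolverCache(enforce_bailiwick=True)   # hardened behaviour
    new.ingest_reply(REPLY_ZONE, ANSWERS, ADDITIONAL)
    return old.lookup("bank.example.com"), new.lookup("bank.example.com")

if __name__ == "__main__":
    print(demo())  # ('198.51.100.99', None)
```

The unchecked cache now answers a query for bank.example.com with the appended address, while the checked cache has no record for it and would go and ask the authorized server instead.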
It's recommended not to adjust your network adapter's TCP/IP settings without backing up that data first (write it down!)...