> I appreciate you replying, but I understand the Windows DNS attack well. > I'm just wondering how and if BIND protects against the same attack, and > if yes, how? Well, as the main vulnerability implies, a sane DNS cache wouldn't accept a record that wasn't requested. If I ask for A, and I get A and B back, and B isn't reasonably related to A, ignore B. I'm not saying BIND is sane, but from what I understand, in this case they got it right. The birthday attack is merely another vector to exploit the real problem. tim
