How to prevent DNS fragmentation attacks on your network. DNS cache poisoning attacks can be, and have been, used to redirect traffic within networks and are often the first step in larger attacks.
- why DNS fragmentation attacks work
- why DNS caching servers that do not do DNSSEC validation are especially vulnerable
- why DNSSEC signed zones can be used to launch this attack
- how IPv6 and/or DNSSEC validation can stop these attacks