Multiple DNS implementations vulnerable to cache poisoning

• Previous message (by thread): Multiple DNS implementations vulnerable to cache poisoning
• Next message (by thread): Multiple DNS implementations vulnerable to cache poisoning
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wed, Jul 9, 2008 at 11:41 AM, Steven M. Bellovin <smb at cs.columbia.edu> wrote:

> The ISC web page on the attack notes "DNSSEC is the only definitive
> solution for this issue. Understanding that immediate DNSSEC deployment
> is not a realistic expectation..."  I wonder what NANOG folk can do
> about the second part of that quote...

get the root zone signed, get com/net/org/ccTLD's signed.. oh wait,
that's not nanog... doh!

Pressure your local ICANN officers?

-Chris

• Previous message (by thread): Multiple DNS implementations vulnerable to cache poisoning
• Next message (by thread): Multiple DNS implementations vulnerable to cache poisoning
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]