how to protect name servers against cache corruption

Thomas H. Ptacek tqbf at enteract.com
Wed Jul 30 00:49:43 UTC 1997


> Noone in the security field has any right to expect any implementation of
> DNS to be secure until DNSSEC is widely implemented.

> I'm sorry if something I said misled you to believe otherwise.

So BIND 8.1.1 is NOT "immune" to the poisoned resource-record attack? I
ask because you specifically stated that it was. Sorry to nag, I'd just
like to see this clarified to the operations community.

Again, thanks for your time and patience!

----------------
Thomas Ptacek at EnterAct, L.L.C., Chicago, IL [tqbf at enteract.com]
----------------
"If you're so special, why aren't you dead?"





More information about the NANOG mailing list