how to protect name servers against cache corruption

• Previous message (by thread): how to protect name servers against cache corruption
• Next message (by thread): off-topic (Re: how to protect name servers against cache corruption )
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> > Noone in the security field has any right to expect any implementation of
> > DNS to be secure until DNSSEC is widely implemented.
> 

this statement bothers me.  certainly without DNSSEC there can be no 
*assurances* of security, but there is a gaping chasm between the current 
system and DNSSEC that could be closed significantly with proper design.

simply stating that until DNSSEC arrives these attacks are going to be 
allowed is a copout.


ben


> > I'm sorry if something I said misled you to believe otherwise.
> 
> So BIND 8.1.1 is NOT "immune" to the poisoned resource-record attack? I
> ask because you specifically stated that it was. Sorry to nag, I'd just
> like to see this clarified to the operations community.
> 
> Again, thanks for your time and patience!
> 
> ----------------
> Thomas Ptacek at EnterAct, L.L.C., Chicago, IL [tqbf at enteract.com]
> ----------------
> "If you're so special, why aren't you dead?"
> 
> 

• Previous message (by thread): how to protect name servers against cache corruption
• Next message (by thread): off-topic (Re: how to protect name servers against cache corruption )
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]