how to protect name servers against cache corruption

• Previous message (by thread): how to protect name servers against cache corruption
• Next message (by thread): how to protect name servers against cache corruption
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Paul has made it clear that there are holes in the DNS protocols that
cannot be fixed without DNSSEC. He isn't papering anything over -- he
is merely describing reality. If you want to be sarcastic to him for
doing his best and being honest in public, well, that's fine, but
frankly I think you are doing the community a serious disservice by
attacking Paul.

.pm

"Thomas H. Ptacek" writes:
> > BIND 4.9.6 and 8.1.1 are immune to all known attacks, including the one
> 
> [ splice ]
> 
> > I know of attacks we are not immune to, which cannot be stopped without
> 
> Um. I hate to play semantic games, but if you know of attacks that BIND
> 8.1.1 is not immune to, then BIND 8.1.1 is not immune to all known
> attacks.
> 
> Since this is not a security list, I'll refrain from (rhetorically)
> informing you that history doesn't back up your assertion of the existence
> of "holes that only the good guys know".
> 
> Oops. Sorry about that.
> 
> Thanks for clearing this up!
> 
> ----------------
> Thomas Ptacek at EnterAct, L.L.C., Chicago, IL [tqbf at enteract.com]
> ----------------
> "If you're so special, why aren't you dead?"
> 
> 

• Previous message (by thread): how to protect name servers against cache corruption
• Next message (by thread): how to protect name servers against cache corruption
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]