how to protect name servers against cache corruption
Perry E. Metzger
perry at piermont.com
Wed Jul 30 02:30:50 UTC 1997
"Thomas H. Ptacek" writes:
> > Paul has made it clear that there are holes in the DNS protocols that
> > cannot be fixed without DNSSEC. He isn't papering anything over -- he
>
> Thank you for clearing this up. For the record, my only intention is to
> clarify the facts surrounding the DNS security issues that have been
> popularized by the recent Alternic attacks. I think I have done this. To
> reiterate: BIND 8.1.1 is not immune to all the variants of the attack used
> by the Alternic,
No, it *is* immune to all variants on *THAT* attack. It isn't immune
to other sorts of attacks.
Perry
More information about the NANOG
mailing list