how to protect name servers against cache corruption

Perry E. Metzger perry at piermont.com
Wed Jul 30 02:30:50 UTC 1997


"Thomas H. Ptacek" writes:
> > Paul has made it clear that there are holes in the DNS protocols that
> > cannot be fixed without DNSSEC. He isn't papering anything over -- he
> 
> Thank you for clearing this up. For the record, my only intention is to
> clarify the facts surrounding the DNS security issues that have been
> popularized by the recent Alternic attacks. I think I have done this. To
> reiterate: BIND 8.1.1 is not immune to all the variants of the attack used
> by the Alternic,

No, it *is* immune to all variants on *THAT* attack. It isn't immune
to other sorts of attacks.

Perry



More information about the NANOG mailing list