Curing the BIND pain

Nathan J. Mehl memory-nanog at blank.org
Thu Mar 27 14:24:56 UTC 2003


In the immortal words of Michael.Dillon at radianz.com (Michael.Dillon at radianz.com):
> 
> I suggest that an appropriate technique would be for the BIND server to 
> originate traffic on its local subnet that would look suspicious and 
> possibly trigger intrusion alarms. 

Good lord.

I'm a little stuck for a proper analogy for this.  A car that
"helpfully" starts emitting noxious smoke to let you know that it's
time for a tune-up?  A refrigerator that drips bleach into your
vegetable drawers to remind you to replace the coolant?  An answering
machine that replaces the outgoing message with a stream of
profanities to alert callers that the incoming message tape is full?

If people are so concerned about BIND's security that they're willing
to seriously consider implementing ideas like this, why are they not
willing to either consider replacing BIND with DNS software that is
secure by design (*cough* *cough*), or paying the ISC to produce a
properly secured BIND?  

The solution to the Ford Pinto problem was not to recommend that
people duct-tape sofa cushions and homemade warning lights to the back
bumper.

-n

------------------------------------------------------------<memory at blank.org>
"Thus do `Snuff Movies' take their place with `Political-Correctness,' `Sex 
Addiction,' and `Postmodernism' as Godzillas of bogus moral panic, always 
threatening to crush the nation in their jaws, but never quite willing to take 
the final step of biting down.                                (--www.suck.com)
<http://blank.org/memory/>----------------------------------------------------


