On-going Internet Emergency and Domain Names

• Previous message (by thread): On-going Internet Emergency and Domain Names
• Next message (by thread): On-going Internet Emergency and Domain Names
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

whoa.  this is like deja vu all over again.  when barb at CERT asked me to
patch BIND gethostbyaddr() back in 1994 or so to disallow non-ascii host
names in order to protect sendmail from a /var/spool/mqueue/qf* formatting
vulnerability, i was fresh off the boat and did as i was asked.  a dozen
years later i find that that bug in sendmail is long gone, but the pain
from BIND's "check-names" logic is still with us.  i did the wrong thing
and i should have said "just fix sendmail, i don't care how much easier
it would be to patch libc, that's just wrong."

are we really going to stop malware by blackholing its domain names?  if
so then i've got some phone calls to make.
-- 
Paul Vixie

• Previous message (by thread): On-going Internet Emergency and Domain Names
• Next message (by thread): On-going Internet Emergency and Domain Names
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]