On-going Internet Emergency and Domain Names

Paul Vixie vixie at vix.com
Sat Mar 31 06:09:30 UTC 2007

whoa.  this is like deja vu all over again.  when barb at CERT asked me to
patch BIND gethostbyaddr() back in 1994 or so to disallow non-ascii host
names in order to protect sendmail from a /var/spool/mqueue/qf* formatting
vulnerability, i was fresh off the boat and did as i was asked.  a dozen
years later i find that that bug in sendmail is long gone, but the pain
from BIND's "check-names" logic is still with us.  i did the wrong thing
and i should have said "just fix sendmail, i don't care how much easier
it would be to patch libc, that's just wrong."

are we really going to stop malware by blackholing its domain names?  if
so then i've got some phone calls to make.
Paul Vixie

More information about the NANOG mailing list